Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,835 vulnerabilities with CWE-502

CVE-2022-21445 CRITICAL KEV

Oracle ADF 12.2.1.3.0/12.2.1.4.0 - RCE via Deserialization

CVE-2022-27158 CRITICAL

PHP Pearweb < 1.32.0 - Insecure Deserialization

CVE-2022-24846 CRITICAL

GeoWebCache < 1.19.3 - Remote Code Execution via JNDI Lookup in Disk Quota Mechanism

CVE-2022-22958 HIGH

VMware Workspace ONE Access, Identity Manager, vRealize Automation - Remote Code Execution via JDBC URI Deserialization

CVE-2022-22957 HIGH

VMware Workspace ONE Access and Identity Manager - Remote Code Execution via JDBC URI Deserialization

CVE-2022-23450 CRITICAL

SIMATIC Energy Manager Basic and PRO < 7.3 Update 1 - Unauthenticated Remote Code Execution via Insecure Deserialization

CVE-2022-20763 MEDIUM

Cisco Webex Meetings - Code Injection

CVE-2022-1032 HIGH

crater < 6.0.6 - Remote Code Execution via Insecure Deserialization

CVE-2022-26503 HIGH

Veeam Agent for Windows <5.x - Code Injection

CVE-2022-0749 HIGH

SinGooCMS.Utility - Deserialization of Untrusted Data via BinaryFormatter

CVE-2022-23940 HIGH

SuiteCRM <8.0.1 - Authenticated RCE

CVE-2022-24282 HIGH

SINEC NMS < 2.0 and < 1.0.3 and SINEMA Server V14 - Remote Code Execution via Insecure JSON Deserialization

CVE-2022-21828 HIGH

Ivanti Incapptic Connect 1.35.3-1.40.0 - Authenticated Remote Code Execution via Untrusted Data Deserialization

CVE-2022-0138 HIGH

Airspan Mimosa Management Platform <1.0.3 / C6x/C5x/C5c <2.8.6.1 / A5x <2.5.4.1 - Untrusted Data Deserialization

CVE-2022-24289 HIGH

Apache Cayenne <4.1 - Code Injection

CVE-2022-22005 HIGH

Microsoft SharePoint Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2022-0538 HIGH

Jenkins < 2.334 and LTS < 2.319.3 - Deserialization of Untrusted Data

CVE-2022-21341 MEDIUM

Oracle GraalVM Enterprise Edition 20.3.4 and 21.3.0 - Unauthenticated Partial Denial of Service via Serialization

CVE-2022-23307 HIGH

Apache Chainsaw < 2.1.0 - Deserialization of Untrusted Data

CVE-2022-23302 HIGH

Apache Log4j 1.x - Deserialization of Untrusted Data via JMSSink Configuration

CVE-2022-21663 MEDIUM

WordPress < 5.8.3 - Authenticated Object Injection via Multisite Super Admin Role

CVE-2022-21647 HIGH

CodeIgniter 4.0.0-4.1.5 - Deserialization of Untrusted Data via old() Function

CVE-2021-27017 MEDIUM

Puppet Agent <7.4.0 - Deserialization

CVE-2021-3838 CRITICAL

dompdf < 2.0.0 - Remote Code Execution via PHAR Deserialization

CVE-2021-4451 MEDIUM

NinjaFirewall < 4.3.3 - Authenticated PHAR Deserialization

Previous Page 82 of 114 Next

Details

Vulnerabilities 2,835

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy