Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,835 vulnerabilities with CWE-502

CVE-2021-31681 HIGH

yolov3 - Remote Code Execution via YAML Deserialization

CVE-2021-31680 HIGH

yolov5 - Remote Code Execution via YAML Deserialization

CVE-2021-28254 CRITICAL

Laravel 8.5.9 - Remote Code Execution via Untrusted Data Deserialization

CVE-2021-32828 MEDIUM

Nuxeo < 11.5.109 - Reflected Cross-Site Scripting and Remote Code Execution via OAuth2 REST API

CVE-2021-32824 CRITICAL

Apache Dubbo < 2.6.10 - Unauthenticated Remote Code Execution via Telnet Handler Bean Manipulation

CVE-2021-38241 CRITICAL

Ruoyi < 4.6.1 - Remote Code Execution via Shiro Weak Cipher Deserialization

CVE-2021-33420 CRITICAL

inikulin replicator <1.0.4 - Code Injection

CVE-2021-25642 HIGH

Apache Hadoop 2.9.0-2.10.1 - Remote Code Execution via ZKConfigurationStore Deserialization

CVE-2021-4178 MEDIUM

fabric8-kubernetes 5.0.0-beta-1-5.0.3 - Arbitrary Code Execution via YAML Parsing

CVE-2021-4125 HIGH

OpenShift 4.6.0-4.6.51 - Deserialization of Untrusted Data in Metering Hive Container

CVE-2021-41419 CRITICAL

QVIS DVR and NVR Firmware < 2021-12-13 - Remote Code Execution via Java Deserialization

CVE-2021-36665 HIGH

Druva inSync Client < 7.0.0 - Local Privilege Escalation via inSyncUpgradeDaemon

CVE-2021-35095 HIGH

Snapdragon Connectivity - Snapdragon Mobile - Use After Free

CVE-2021-32935 HIGH

Cognex In-Sight OPC Server <5.7.4 - Deserialization

CVE-2021-23592 HIGH

thinkphp < 6.0.12 - Deserialization of Untrusted Data via Insecure Unserialize Method

CVE-2021-21956 HIGH

CloudLinux Imunify360 5.10.2 - Remote Code Execution via Ai-Bolit PHP Unserialize

CVE-2021-33207 CRITICAL

MashZone NextGen <10.7 - Deserialization

CVE-2021-27475 HIGH

Rockwellautomation Connected Components Workbench < 12.00.00 - Insecure Deserialization

CVE-2021-27470 CRITICAL

Rockwell Automation FactoryTalk AssetCentre <10.00 - Deserialization

CVE-2021-27466 CRITICAL

Rockwell Automation FactoryTalk AssetCentre <10.00 - Open Redirect

CVE-2021-27462 CRITICAL

Rockwell Automation FactoryTalk AssetCentre <10.00 - Open Redirect

CVE-2021-27460 CRITICAL

Rockwell Automation FactoryTalk AssetCentre <10.00 - Deserialization

CVE-2021-46364 HIGH

Magnolia CMS < 6.2.4 - Remote Code Execution via Snake YAML Deserialization

CVE-2021-42631 HIGH

PrinterLogic Web Stack <= 19.1.1.13 SP9 - Unauthenticated Remote Code Execution via Untrusted Data Deserialization

CVE-2021-45899 CRITICAL

SuiteCRM <7.12.3, <8.0.2 - Code Injection

Previous Page 83 of 114 Next

Details

Vulnerabilities 2,835

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy