Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,835 vulnerabilities with CWE-502

CVE-2021-41766 HIGH

Apache Karaf < 4.3.6 - Deserialization of Untrusted Data via JMX

CVE-2021-45394 HIGH

html2pdf < 5.2.4 - Deserialization of Untrusted Data via Malicious Link Tag

CVE-2021-43297 CRITICAL

Apache Dubbo <2.6.12, <2.7.15, <3.0 - Code Injection

CVE-2021-42392 CRITICAL

H2 < 2.0.204 - Insecure Deserialization

CVE-2021-20318 HIGH

JBoss Enterprise Application Platform - Remote Code Execution via JMS ObjectMessage Deserialization

CVE-2021-4118 HIGH

pytorch_lightning < 1.6.0 - Remote Code Execution via Pickle Deserialization

CVE-2021-43853 HIGH

Ajax.NET Professional < 21.12.22.1 - JavaScript Object Injection via JSON Parsing

CVE-2021-44029 CRITICAL

Quest KACE Desktop Authority < 11.2 - Remote Code Execution via RadAsyncUpload Deserialization

CVE-2021-36336 CRITICAL

Wyse Management Suite <3.3.1 - Code Injection

CVE-2021-42550 MEDIUM

qos logback < 1.2.7 - Deserialization of Untrusted Data via LDAP

CVE-2021-0970 HIGH

Android - Local Privilege Escalation via Parcel Deserialization Mismatch

CVE-2021-4104 HIGH

Apache Log4j 1.2 - Remote Code Execution via JMSAppender JNDI Requests

CVE-2021-24857 CRITICAL

ToTop Link WP <1.7.1 - Code Injection

CVE-2021-44228 CRITICAL KEV

Log4Shell HTTP Header Injection

CVE-2021-42130 HIGH

Ivanti Avalanche < 6.3.3 - Remote Code Execution via Deserialization of Untrusted Data

CVE-2021-42127 CRITICAL

Ivanti Avalanche < 6.3.3 - Remote Code Execution via Data Repository Service

CVE-2021-42125 HIGH

Ivanti Avalanche < 6.3.3 - Unauthenticated Arbitrary File Write via Inforail Service

CVE-2021-44682 CRITICAL

Veritas Enterprise Vault < 14.1.2 - Deserialization of Untrusted Data via .NET Remoting TCP Ports

CVE-2021-44681 CRITICAL

Veritas Enterprise Vault < 14.1.2 - Deserialization of Untrusted Data via .NET Remoting TCP Ports

CVE-2021-44680 CRITICAL

Veritas Enterprise Vault < 14.1.2 - Deserialization of Untrusted Data via .NET Remoting TCP Ports

CVE-2021-44679 CRITICAL

Veritas Enterprise Vault < 14.1.2 - Deserialization of Untrusted Data via .NET Remoting TCP Ports

CVE-2021-44678 CRITICAL

Veritas Enterprise Vault < 14.1.2 - Deserialization of Untrusted Data via .NET Remoting TCP Ports

CVE-2021-44677 CRITICAL

Veritas Enterprise Vault < 14.1.2 - Deserialization of Untrusted Data via .NET Remoting TCP Ports

CVE-2021-36567 CRITICAL

ThinkPHP 6.0.8 - Deserialization of Untrusted Data via League Flysystem AbstractCache

CVE-2021-36564 CRITICAL

ThinkPHP < 6.0.9 - Deserialization of Untrusted Data via Flysystem Cached Adapter

Previous Page 84 of 114 Next

Details

Vulnerabilities 2,835

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy