Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,835 vulnerabilities with CWE-502

CVE-2021-23758 HIGH

ajaxpro.2 < 21.10.30.1 and AjaxNetProfessional < 21.11.29.1 - Remote Code Execution via Untrusted Data Deserialization

CVE-2021-43360 HIGH

Sunnet eHRD - Authenticated Remote Code Execution via Deserialization

CVE-2021-22095 MEDIUM

Spring AMQP 2.2.0-2.2.19 and 2.3.0-2.3.11 - Denial of Service via Large Message Body Deserialization

CVE-2021-34992 HIGH

Orckestra C1 CMS 6.10 - Authenticated Remote Code Execution via Deserialization in Composite.dll

CVE-2021-26558 HIGH

Apache ShardingSphere-UI 4.1.1-5.0.0 - Deserialization of Untrusted Data

CVE-2021-42698 HIGH

DAQFactory - Memory Corruption via Binary Deserialization

CVE-2021-42237 CRITICAL KEV

Sitecore Experience Platform 7.5-8.2 Update-7 - Unauthenticated Remote Code Execution via Insecure Deserialization

CVE-2021-22097 MEDIUM

Spring AMQP 2.2.0-2.2.18 and 2.3.0-2.3.10 - Denial of Service via Malicious Dictionary Deserialization

CVE-2021-41078 HIGH

nameko < 2.13.0 - Remote Code Execution via Config File Deserialization

CVE-2021-40865 CRITICAL

Apache Storm <2.2.1, <2.3.0, <1.2.4 - Open Redirect

CVE-2021-40719 CRITICAL

Adobe Connect <11.2.3 - Code Injection

CVE-2021-39321 HIGH

Sassy Social Share 3.3.23 - Authenticated PHP Object Injection via Import Config AJAX Action

CVE-2021-35227 MEDIUM

RabbitMQ Plugin <2020.2.6 - Info Disclosure

CVE-2021-40720 CRITICAL

Adobe ops-cli < 2.0.5 - Remote Code Execution via Deserialization in Checkout Repo Function

CVE-2021-40843 HIGH

Proofpoint Insider Threat Management Server <7.11.2 - Deserialization

CVE-2021-33728 HIGH

SINEC NMS < V1.0 SP2 Update 1 - Code Injection

CVE-2021-25738 MEDIUM

kubernetes/java < 9.0.2 and io.kubernetes/client-java < 11.0.1 - Remote Code Execution via YAML Deserialization

CVE-2021-42090 CRITICAL

Zammad < 4.1.1 - Remote Code Execution via Form Deserialization

CVE-2021-41129 HIGH

Pterodactyl Panel 1.0.0-1.6.1 - Authentication Bypass via Two-Factor Confirmation Token Manipulation

CVE-2021-0685 HIGH

Android - Local Privilege Escalation via Unsafe Parcel Deserialization in ParsedIntentInfo

CVE-2021-41110 CRITICAL

cwlviewer <1.3.1 - Deserialization of Untrusted Data

CVE-2021-41616 CRITICAL

Apache DB DdlUtils 1.0 - Deserialization of Untrusted Data via BinaryObjectsHelper

CVE-2021-41588 HIGH

Gradle Enterprise 2017.2-2021.1.3 - Deserialization of Untrusted Data

CVE-2021-40102 CRITICAL

Concrete CMS < 8.5.5 - Arbitrary File Deletion via PHAR Deserialization

CVE-2021-31819 CRITICAL

Halibut < 4.4.7 - Remote Code Execution via Deserialization

Previous Page 85 of 114 Next

Details

Vulnerabilities 2,835

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy