Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,835 vulnerabilities with CWE-502

CVE-2021-39392 CRITICAL

MyLittleBackup <= 1.7 - Remote Code Execution via Hardcoded MachineKey Deserialization

CVE-2021-37181 CRITICAL

Siemens Cerberus DMS and Desigo CC - Unauthenticated Remote Code Execution via Untrusted Data Deserialization

CVE-2021-39207 HIGH

ParlAI < 1.1.0 - Remote Code Execution via YAML Deserialization

CVE-2021-24040 CRITICAL

ParlAI < 1.1.0 - Remote Code Execution via Unsafe YAML Deserialization

CVE-2021-37579 CRITICAL

Apache Dubbo 2.7.0-2.7.12 - Deserialization of Untrusted Data via Security Check Bypass

CVE-2021-32836 HIGH

ZStack <3.10.12-4.1.6 - Open Redirect

CVE-2021-35217 HIGH

Patch Manager Orion Platform - Code Injection

CVE-2021-36163 CRITICAL

Apache Dubbo 2.7.0-2.7.12 - Deserialization of Untrusted Data via Hessian Protocol

CVE-2021-32568 HIGH

mrdoc < 0.7.0 - Deserialization of Untrusted Data

CVE-2021-35218 HIGH

SolarWinds Orion Platform < 2020.2.6 - Unauthenticated Remote Code Execution via Web Console Chart Endpoint

CVE-2021-35216 HIGH

SolarWinds Patch Manager < 2020.2.6 - Authenticated Remote Code Execution via Insecure Deserialization

CVE-2021-35215 HIGH

SolarWinds Orion Platform < 2020.2.5 - Authenticated Remote Code Execution via Insecure Deserialization

CVE-2021-36231 HIGH

MIK.starlight <7.9.5.24363 - Code Injection

CVE-2021-21677 HIGH

Jenkins Code Coverage API Plugin < 1.4.0 - Remote Code Execution via Untrusted Java Deserialization

CVE-2021-36981 HIGH

verinice < 1.22.2 - Authenticated Remote Code Execution via Unsafe Java Deserialization

CVE-2021-39132 HIGH

Rundeck < 3.3.14 and 3.4.0-3.4.3 - Authenticated Remote Code Execution via Untrusted Plugin or ACL Policy Upload

CVE-2021-34066 CRITICAL

EdgeGallery/developer-be < 1.0 - Remote Code Execution via YAML Deserialization

CVE-2021-21741 CRITICAL

ZTE ZXV10 M910 Firmware - Remote Code Execution via Untrusted Data Deserialization

CVE-2021-24579 HIGH

Bold Page Builder < 3.1.6 - PHP Object Injection via bt_bb_get_grid AJAX Action

CVE-2021-21869 HIGH

CODESYS Development System 3.5.16-3.5.17 - Remote Code Execution via Unsafe Deserialization in ProfileData

CVE-2021-31010 HIGH KEV

iPadOS < 14.8 - Sandbox Escape via Deserialization Issue

CVE-2021-39152 HIGH

XStream < 1.4.18 - Remote Code Execution via Deserialization

CVE-2021-39150 HIGH

Oracle Utilities Framework < 1.4.18 - SSRF

CVE-2021-39140 MEDIUM

XStream < 1.4.18 - Denial of Service via CPU Exhaustion

CVE-2021-39154 HIGH

XStream < 1.4.18 - Remote Code Execution via Untrusted Data Deserialization

Previous Page 86 of 114 Next

Details

Vulnerabilities 2,835

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy