Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,835 vulnerabilities with CWE-502

CVE-2021-39153 HIGH

XStream < 1.4.18 - Remote Code Execution via Untrusted Data Deserialization

CVE-2021-39151 HIGH

XStream < 1.4.18 - Remote Code Execution via Untrusted Data Deserialization

CVE-2021-39149 HIGH

XStream < 1.4.18 - Remote Code Execution via Untrusted Data Deserialization

CVE-2021-39148 HIGH

XStream < 1.4.18 - Remote Code Execution via Untrusted Data Deserialization

CVE-2021-39147 HIGH

XStream < 1.4.18 - Remote Code Execution via Untrusted Data Deserialization

CVE-2021-39146 HIGH

XStream < 1.4.18 - Remote Code Execution via Untrusted Data Deserialization

CVE-2021-39145 HIGH

XStream < 1.4.18 - Remote Code Execution via Untrusted Data Deserialization

CVE-2021-39144 HIGH KEV

XStream < 1.4.18 - Remote Code Execution via Untrusted Data Deserialization

CVE-2021-39141 HIGH

XStream < 1.4.18 - Remote Code Execution via Deserialization

CVE-2021-39139 HIGH

XStream < 1.4.18 - Remote Code Execution via Untrusted Data Deserialization

CVE-2021-21868 HIGH

CODESYS Development System 3.5.16-3.5.17 - Remote Code Execution via Unsafe Deserialization in ObjectManager.plugin

CVE-2021-21867 HIGH

CODESYS Development System 3.5.16-3.5.17 - Remote Code Execution via Unsafe Deserialization in ObjectManager.plugin

CVE-2021-37678 CRITICAL

TensorFlow 2.3.0-2.3.3 - Remote Code Execution via Keras YAML Model Deserialization

CVE-2021-38585 HIGH

cPanel < 98.0.1 - Deserialization of Untrusted Data via WHM Locale Upload Feature

CVE-2021-23420 HIGH

codeception/codeception < 3.1.3 - Remote Code Execution via RunProcess Deserialization Gadget

CVE-2021-37544 CRITICAL

JetBrains TeamCity < 2020.2.4 - Deserialization of Untrusted Data

CVE-2021-37632 HIGH

SuperMartijn642's Config Lib 1.0.4-1.0.8 - Remote Code Execution via Untrusted Object Deserialization

CVE-2021-34371 CRITICAL

Neo4j < 3.4.18 and 3.5.0 - Remote Code Execution via RMI Deserialization

CVE-2021-21863 HIGH

CODESYS Development System 3.5.16-3.5.17 - RCE via Unsafe Deserialization in ComponentModel

CVE-2021-36483 HIGH

DevExpress.XtraReports.UI < 21.1 - Remote Code Execution via Insecure Deserialization

CVE-2021-21866 HIGH

CODESYS Development System 3.5.16-3.5.17 - Remote Code Execution via Unsafe Deserialization in ObjectManager.plugin

CVE-2021-21865 HIGH

CODESYS Development System 3.5.16 - Remote Code Execution via Unsafe Deserialization in PackageManagement.plugin

CVE-2021-21864 HIGH

CODESYS Development System 3.5.16-3.5.17 - RCE via Unsafe Deserialization in ComponentManager

CVE-2021-36766 HIGH

Concrete5 < 8.5.6 - PHP Object Injection via Log File Parameter

CVE-2021-29781 CRITICAL

IBM Partner Engagement Manager 2.0 - Remote Code Execution via Unsafe Deserialization

Previous Page 87 of 114 Next

Details

Vulnerabilities 2,835

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy