Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,835 vulnerabilities with CWE-502

CVE-2021-37578 CRITICAL

Apache jUDDI < 3.3.10 - Remote Code Execution via RMI Deserialization

CVE-2021-35464 CRITICAL KEV

ForgeRock Access Management < 6.5.4 & OpenAM 9.0.0-14.6.3 - RCE via Jato PageSession Deserialization

CVE-2021-22777 HIGH

SoSafe Configurable < 1.8.1 - Remote Code Execution via Malicious Project File

CVE-2021-34520 HIGH

Microsoft SharePoint Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2021-32742 HIGH

Vapor < 4.47.2 - Denial of Service via Data.init(base32Encoded:)

CVE-2021-29150 HIGH

Aruba ClearPass Policy Manager < 6.8.9 - Remote Insecure Deserialization

CVE-2021-24384 CRITICAL

JoomSport < 5.1.8 - Unauthenticated PHP Object Injection via shattr POST Parameter

CVE-2021-35971 CRITICAL

Veeam Backup and Replication <10.0.1.4854-11.0.0.837 - Deserialization

CVE-2021-29485 CRITICAL

Ratpack < 1.9.0 - Remote Code Execution via Java Deserialization Gadget Chain

CVE-2021-22439 HIGH

Huawei AnyOffice V200R006C10 - Deserialization

CVE-2021-31649 CRITICAL

jfinal < 4.9.08 - Deserialization of Untrusted Data via Redis

CVE-2021-34394 MEDIUM

NVIDIA Jetson Linux < 32.5.1 - Deserialization of Untrusted Data in Trusty OTE Protocol

CVE-2021-34393 MEDIUM

NVIDIA Jetson Linux < 32.5.1 - Deserialization of Untrusted Data in TSEC TA

CVE-2021-35196 HIGH

Manuskript <0.12.0 - Code Injection

CVE-2021-3040 MEDIUM

Bridgecrew Checkov <2.0.139 - Code Injection

CVE-2021-33176 HIGH

VerneMQ < 1.12.0 - Denial of Service via Untrusted Input Handling

CVE-2021-33175 HIGH

EMQ X Broker < 4.2.8 - Denial of Service via Untrusted Input Handling

CVE-2021-33898 HIGH

Invoice Ninja < 4.4.0 - Remote Code Execution via Unsafe Deserialization in AccountRepository

CVE-2021-33806 CRITICAL

bdew bdlib < 1.16.1.7 - Remote Code Execution via Java Deserialization

CVE-2021-23895 CRITICAL

McAfee Database Security < 4.8.2 - Authenticated Remote Code Execution via Java Deserialization

CVE-2021-23894 CRITICAL

McAfee Database Security < 4.8.2 - Unauthenticated Remote Code Execution via Java Deserialization

CVE-2021-30179 CRITICAL

Apache Dubbo 2.5.0-2.5.9, 2.6.0-2.6.8, 2.7.0-2.7.9 - Deserialization of Untrusted Data via GenericFilter

CVE-2021-25641 CRITICAL

Apache Dubbo 2.5.0-2.6.8 & 2.7.0-2.7.7 Unauthenticated Deserialization via Serialization ID Tampering

CVE-2021-33790 CRITICAL

RebornCore < 3.13.8 - Remote Code Execution via Untrusted Data Deserialization

CVE-2021-29505 HIGH

XStream < 1.4.17 - Remote Code Execution via Untrusted Data Deserialization

Previous Page 88 of 114 Next

Details

Vulnerabilities 2,835

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy