Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,835 vulnerabilities with CWE-502

CVE-2021-27852 CRITICAL KEV

Checkbox Survey < 7.0 - Unauthenticated Remote Code Execution via Untrusted Data Deserialization

CVE-2021-32075 CRITICAL

Terraria < 1.4.2.3 - Remote Code Execution via Insecure Deserialization

CVE-2021-24307 HIGH

All in One SEO < 4.1.0.2 - Authenticated Remote Code Execution via INI File Deserialization

CVE-2021-32634 HIGH

Emissary 6.4.0 - Authenticated Remote Code Execution via Unsafe Deserialization in WorkSpaceClientEnqueue Action

CVE-2021-31474 CRITICAL

SolarWinds Network Performance Monitor 2020.2.1-2020.2.5 - Remote Code Execution via Untrusted Data Deserialization

CVE-2021-24280 HIGH

Redirection for Contact Form 7 < 2.3.4 - Authenticated PHP Object Injection via import_from_debug AJAX Action

CVE-2021-33026 CRITICAL

Flask-Caching <1.10.1 - Code Injection

CVE-2021-29508 CRITICAL

asynkron Wire - Deserialization of Untrusted Data via Surrogate Type Handling

CVE-2021-32098 CRITICAL

Artica Pandora FMS 742 - Unauthenticated Remote Code Execution via Phar Deserialization

CVE-2021-25152 HIGH

Aruba AirWave < 8.2.12.1 - Remote Insecure Deserialization

CVE-2021-25151 HIGH

Aruba AirWave < 8.2.12.1 - Remote Insecure Deserialization

CVE-2021-29476 CRITICAL

Requests 1.6.0-1.7.0 - Deserialization of Untrusted Data in FilteredIterator

CVE-2021-30128 CRITICAL

Apache OFBiz <17.12.07 - Deserialization

CVE-2021-29200 CRITICAL

Apache OFBiz < 17.12.07 - Unauthenticated Remote Code Execution via Unsafe Deserialization

CVE-2021-27277 HIGH

SolarWinds Orion Platform - Privilege Escalation via OneTimeJobSchedulerEventsService WCF Deserialization

CVE-2021-3287 CRITICAL

ManageEngine OpManager SumPDU Java Deserialization

CVE-2021-21426 CRITICAL

OpenMage Magento < 19.4.13 - Deserialization of Untrusted Data

CVE-2021-3035 MEDIUM

Bridgecrew Checkov <2.0.26 - Code Injection

CVE-2021-27850 CRITICAL

Apache Tapestry 5.4.0-5.6.2 and 5.7.0 - Unauthenticated Remote Code Execution via Asset File URL Blacklist Bypass

CVE-2021-29654 HIGH

AjaxSearchPro < 4.20.8 - Remote Code Execution via Database Import Deserialization

CVE-2021-21524 CRITICAL

Dell Storage Monitoring and Reporting < 4.5.0.1 - Unauthenticated RCE via Untrusted Deserialization

CVE-2021-24217 HIGH

Facebook for WordPress < 3.0.0 - Remote Code Execution via Unsafe Deserialization

CVE-2021-1415 MEDIUM

Cisco RV340, RV340W, RV345, RV345P Firmware < 1.0.03.21 - Authenticated Remote Code Execution via HTTP Request

CVE-2021-1414 MEDIUM

Cisco RV340, RV340W, RV345, and RV345P Firmware < 1.0.03.21 - Authenticated Remote Code Execution via HTTP Request

CVE-2021-1413 MEDIUM

Cisco RV340, RV340W, RV345, RV345P Firmware < 1.0.03.21 - Authenticated Remote Code Execution via HTTP Request

Previous Page 89 of 114 Next

Details

Vulnerabilities 2,835

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy