Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,741 vulnerabilities with CWE-502

CVE-2026-4266 HIGH

WatchGuard Firebox Insecure Deserialization in Fireware Access Portal

CVE-2026-4416 HIGH

GIGABYTE｜Performance Library - Insecure Deserialization

CVE-2026-4851 CRITICAL

GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization

CVE-2026-33728 CRITICAL

dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution

CVE-2026-33725 HIGH

Metabase vulnerable to RCE and Arbitrary File Read via H2 JDBC INIT Injection in EE Serialization Import

CVE-2026-33701 CRITICAL

OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution

CVE-2026-4860 HIGH

648540858 wvp-GB28181-pro API Endpoint RedisTemplateConfig.java GenericFastJsonRedisSerializer deserialization

CVE-2026-3328 HIGH

Frontend Admin by DynamiApps <= 3.28.31 - Authenticated (Editor+) PHP Object Injection via 'post_content' of Admin Form Posts

CVE-2026-33942 CRITICAL

Saloon has insecure deserialization in AccessTokenAuthenticator (object injection / RCE)

CVE-2026-32513 HIGH

WordPress JS Archive List plugin <= 6.1.7 - PHP Object Injection vulnerability

CVE-2026-32512 CRITICAL

WordPress Pelicula theme < 1.10 - PHP Object Injection vulnerability

CVE-2026-32511 MEDIUM

WordPress Stål theme < 1.7 - Arbitrary Object Instantiation vulnerability

CVE-2026-32510 MEDIUM

WordPress Kamperen theme < 1.3 - Arbitrary Object Instantiation vulnerability

CVE-2026-32509 MEDIUM

WordPress Gracey theme < 1.4 - Arbitrary Object Instantiation vulnerability

CVE-2026-32508 MEDIUM

WordPress Halstein theme < 1.8 - Arbitrary Object Instantiation vulnerability

CVE-2026-32507 MEDIUM

WordPress Leroux theme < 1.4 - Arbitrary Object Instantiation vulnerability

CVE-2026-32506 MEDIUM

WordPress Archicon theme < 1.7 - Arbitrary Object Instantiation vulnerability

CVE-2026-32502 CRITICAL

WordPress Borgholm theme < 1.6 - PHP Object Injection vulnerability

CVE-2026-32484 HIGH

WordPress weForms plugin <= 1.6.26 - PHP Object Injection vulnerability

CVE-2026-27095 CRITICAL

WordPress Bus Ticket Booking with Seat Reservation plugin <= 5.6.0 - PHP Object Injection vulnerability

CVE-2026-27084 CRITICAL

WordPress Buisson theme <= 1.1.11 - PHP Object Injection vulnerability

CVE-2026-27083 CRITICAL

WordPress Work & Travel Company theme <= 1.2 - PHP Object Injection vulnerability

CVE-2026-27082 CRITICAL

WordPress Love Story theme <= 1.3.12 - PHP Object Injection vulnerability

CVE-2026-27045 HIGH

WordPress WooCommerce Infinite Scroll plugin <= 1.6.2 - PHP Object Injection vulnerability

CVE-2026-25429 CRITICAL

WordPress Nexa Blocks plugin <= 1.1.1 - PHP Object Injection vulnerability

Previous Page 9 of 110 Next

Details

Vulnerabilities 2,741

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy