Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,841 vulnerabilities with CWE-502

CVE-2021-22855 CRITICAL

HR Portal - Remote Code Execution via Untrusted Deserialization

CVE-2021-23338 MEDIUM

qlib < 0.7.0 - Remote Code Execution via Unsafe YAML Deserialization

CVE-2021-27213 CRITICAL

pystemon < 2021-02-13 - Remote Code Execution via YAML Deserialization

CVE-2021-26915 HIGH

NetMotion Mobility < 11.73 & 12.x < 12.02 - RCE via Java Deserialization in StatusServlet

CVE-2021-26914 HIGH

NetMotion Mobility < 11.73 and 12.x < 12.02 - Unauthenticated Remote Code Execution via Java Deserialization in MvcUtil

CVE-2021-26913 HIGH

NetMotion Mobility < 11.73 and 12.x < 12.02 - Remote Code Execution via Java Deserialization

CVE-2021-26912 HIGH

NetMotion Mobility <11.73/12.x<12.02 - RCE via Java Deserialization

CVE-2021-25274 CRITICAL

SolarWinds Orion Platform <2020.2.4 - RCE

CVE-2021-25758 HIGH

JetBrains IntelliJ IDEA < 2020.3 - Local Code Execution via Insecure Workspace Model Deserialization

CVE-2021-3160 CRITICAL

ACA ASSUREX RENTES ASSUWEB 359.3 build 1 - Unauthenticated Remote Code Execution via Untrusted Data Deserialization

CVE-2021-20190 HIGH

jackson-databind < 2.9.10.7 - Deserialization of Untrusted Data

CVE-2021-25294 CRITICAL

OpenCATS <= 0.9.5-3 - Remote Code Execution via Unsafe Deserialization in DataGrid Activity Parameter

CVE-2021-21249 CRITICAL

OneDev < 4.0.3 - Authenticated Remote Code Execution via SnakeYAML Deserialization

CVE-2021-21247 CRITICAL

OneDev < 4.0.3 - Authenticated Remote Code Execution via AJAX Event Listener Deserialization

CVE-2021-21242 CRITICAL

OneDev < 4.0.3 - Unauthenticated Remote Code Execution via Attachment-Support Header Deserialization

CVE-2021-21243 CRITICAL

OneDev <4.0.3 - Pre-Auth Code Injection

CVE-2021-21604 HIGH

Jenkins < 2.263.1, < 2.274 - Deserialization of Untrusted Data via Old Data Monitor

CVE-2021-3007 CRITICAL

Laminas Project laminas-http <2.14.2 - Code Injection

CVE-2020-37071 CRITICAL

CraftCMS 3 vCard Plugin 1.0.0 - Code Injection

CVE-2020-19559 CRITICAL

Diebold Aglis XFS for Opteva 4.1.61.1 - Remote Code Execution via ResolveMethod() Parameter

CVE-2020-36727 CRITICAL

Newsletter Manager <1.5.1 - Open Redirect

CVE-2020-36726 CRITICAL

Ultimate Reviews <2.1.32 - Code Injection

CVE-2020-36718 CRITICAL

GDPR CCPA Compliance Support <2.3 - Code Injection

CVE-2020-29312 CRITICAL

Zend Framework < 3.1.3 - Remote Code Execution via Unserialize Function

CVE-2020-10650 HIGH

jackson-databind <2.9.10.4 - Open Redirect

Previous Page 91 of 114 Next

Details

Vulnerabilities 2,841

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy