Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,841 vulnerabilities with CWE-502

CVE-2020-23621 CRITICAL

SVI MS Management System - Code Injection

CVE-2020-23620 CRITICAL

Orlansoft ERP - Remote Code Execution via Insecure Java Deserialization

CVE-2020-19229 CRITICAL

Jeesite 1.2.7 - Remote Code Execution via Apache Shiro Deserialization

CVE-2020-5341 CRITICAL

Dell EMC Avamar Server 7.4.1-19.2 & Integrated Data Protection Appliance 2.0-2.4.1 - RCE via Deserialization

CVE-2020-9493 CRITICAL

Apache Chainsaw < 2.1.0 - Remote Code Execution via Deserialization

CVE-2020-36326 CRITICAL

PHPMailer 6.1.8-6.4.0 - Object Injection via addAttachment UNC Pathname

CVE-2020-7385 HIGH

Metasploit Framework < 4.19.0 - Remote Code Execution via DRb Deserialization

CVE-2020-36282 CRITICAL

RabbitMQ JMS Client 1.0.0-1.15.1 and 2.0-2.1.9 - Remote Code Execution via StreamMessage Deserialization

CVE-2020-29045 CRITICAL

Five Star Restaurant Menu < 2.2.0 - Remote Code Execution via Unserialize in fdm_cart Cookie

CVE-2020-24914 CRITICAL

qcubed < 3.1.1 - Unauthenticated Remote Code Execution via Unsafe Unserialization in profile.php

CVE-2020-24036 HIGH

ForkCMS < 5.8.3 - Authenticated Remote Code Execution via Ajax Endpoint

CVE-2020-29047 CRITICAL

WP Hotel Booking < 1.10.2 - Remote Code Execution via Unserialize in Cookie

CVE-2020-27868 CRITICAL

Qognify Ocularis 5.9.0.395 - Unauthenticated Remote Code Execution via EventCoordinator Deserialization

CVE-2020-4888 HIGH

IBM QRadar SIEM 7.3.0-7.3.3 Patch 7 and 7.4.0-7.4.2 Patch 1 - Remote Code Execution via Java Deserialization

CVE-2020-4682 CRITICAL

IBM MQ 7.5-9.2 - Remote Code Execution via Unsafe Deserialization

CVE-2020-27583 CRITICAL

IBM InfoSphere Information Server 8.5.0.0 - Code Injection

CVE-2020-17532 HIGH

Apache ServiceComb-Java-Chassis <2.1.4 - Authenticated RCE

CVE-2020-12525 HIGH

M&M Software fdtCONTAINER <3.5.20304.x, 3.6-3.6.20304.x - Deseriali...

CVE-2020-24639 CRITICAL

Airwave Glass <1.3.3 - Code Injection

CVE-2020-23653 CRITICAL

ThinkAdmin 4.x-6.x - Remote Code Execution via Insecure Unserialize in Update and Push API

CVE-2020-26118 HIGH

SmartBear Collaborator <= 13.3.13302 - Authenticated Remote Code Execution via Java Deserialization

CVE-2020-11995 CRITICAL

Apache Dubbo 2.5.0-2.5.9 and 2.7.0-2.7.7 - Remote Code Execution via Hessian2 Deserialization

CVE-2020-36183 HIGH

FasterXML jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data

CVE-2020-36182 HIGH

jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data

CVE-2020-36180 HIGH

Netapp Cloud Backup < 21.1.2 - Insecure Deserialization

Previous Page 92 of 114 Next

Details

Vulnerabilities 2,841

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy