Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,841 vulnerabilities with CWE-502

CVE-2020-17531 CRITICAL

Apache Tapestry 4 - Deserialization

CVE-2020-28948 HIGH

Archive_Tar < 1.4.11 - Deserialization of Untrusted Data via PHAR Case Bypass

CVE-2020-27131 HIGH

Cisco Security Manager < 4.22 - Unauthenticated Remote Code Execution via Java Deserialization

CVE-2020-5664 CRITICAL

XooNIps < 3.49 - Remote Code Execution via Untrusted Data Deserialization

CVE-2020-28339 HIGH

welcart_e-commerce < 1.9.36 - Object Injection via usces_unserialize

CVE-2020-26207 HIGH

Databaseschemareader Dbschemareader - Insecure Deserialization

CVE-2020-28032 CRITICAL

WordPress < 5.5.2 - Deserialization of Untrusted Data in FilteredIterator

CVE-2020-10721 HIGH

fabric8-maven-plugin >=4.0.0 - Code Injection

CVE-2020-15244 HIGH

Magento <19.4.8-20.0.4 - Code Injection

CVE-2020-24648 CRITICAL

HPE Intelligent Management Center <PLAT 7.3 - RCE

CVE-2020-7811 MEDIUM

Samsung Update <3.0.32.0 - Privilege Escalation

CVE-2020-26867 CRITICAL

ARC Informatique PcVue <12.0.17 - Code Injection

CVE-2020-26945 HIGH

MyBatis < 3.5.6 - Deserialization of Untrusted Data

CVE-2020-4280 HIGH

IBM QRadar SIEM 7.3.0-7.3.2 and 7.4.0 - Remote Code Execution via Java Deserialization

CVE-2020-14030 HIGH

Ozeki NG SMS Gateway < 4.17.6 - Remote Code Execution via .NET Deserialization

CVE-2020-15188 CRITICAL

SOY CMS <=3.0.2.327 - Unauthenticated Code Execution via Form Deserialization

CVE-2020-24750 HIGH

jackson-databind 2.0.0-2.9.10.5 - Deserialization of Untrusted Data via JndiConfiguration

CVE-2020-7532 HIGH

SCADAPack x70 Security Administrator < 1.2.0 - Remote Code Execution via Malicious .SDB File

CVE-2020-7528 HIGH

SCADAPack 7x Remote Connect < 3.6.3.574 - Remote Code Execution via Malicious .PRJ File

CVE-2020-15172 HIGH

fluffycogs < 2.0.38 - Remote Code Execution via Untrusted Data Deserialization

CVE-2020-15148 HIGH

Yii 2 <2.0.38 - Remote Code Execution via Unsafe unserialize()

CVE-2020-4521 HIGH

IBM Maximo Asset Management 7.6.0-7.6.0.9 - Authenticated Remote Code Execution via Unsafe Java Deserialization

CVE-2020-24164 HIGH

Taoensso Nippy <2.14.2 - Deserialization

CVE-2020-25260 CRITICAL

Hyland OnBase <= 20.3.10.1000 - Remote Code Execution via Unsafe JSON Deserialization

CVE-2020-25259 CRITICAL

Hyland OnBase Deserialization of Untrusted Data via XML

Previous Page 94 of 114 Next

Details

Vulnerabilities 2,841

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy