Weaknesses of type CWE-502

2,282 results
CVE-2026-11857HIGHInsecure .NET Remoting deserialization in Quanos SCHEMA ST4 Client Update Service allows local privilege escalationEPSS 0.3%CVE-2024-0654MEDIUMDeepFaceLab Util.py deserializationEPSS 0.3%CVE-2026-46386CRITICALOpenProject: Pre-authentication RCE in openproject/openproject Docker image via default `SECRET_KEY_BASE=OVERWRITE_ME` and `cookies_serializer = :marshal`EPSS 0.3%CVE-2025-66214HIGHLadybug has an XMLDecoder Deserialization Vulnerability (Java RCE)EPSS 0.3%CVE-2025-15117LOWDromara Sa-Token SaJdkSerializer.java ObjectInputStream.readObject deserializationEPSS 0.3%CVE-2023-52200CRITICALWordPress ARMember Plugin <= 4.0.22 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object InjectionEPSS 0.3%CVE-2023-51545CRITICALWordPress Job Manager & Career Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object InjectionEPSS 0.3%CVE-2026-39578HIGHWordPress Valiance theme <= 1.2 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2026-39324CRITICALRack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserializationEPSS 0.3%CVE-2026-48917MEDIUMJenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.EPSS 0.3%CVE-2026-48919MEDIUMJenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation.EPSS 0.3%CVE-2026-1235MEDIUMWP eCommerce <= 3.15.1 - Unauthenticated PHP Object InjectionEPSS 0.3%CVE-2025-34489HIGHGFI MailEssentials < 21.8 Local Privilege EscalationEPSS 0.3%CVE-2023-28072HIGH Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. A local malicious useEPSS 0.3%CVE-2026-41855HIGHSpring Framework Unsafe Deserialization via Jackson JMS ConvertersEPSS 0.3%CVE-2025-5174MEDIUMerdogant pypickle pypickle.py load deserializationEPSS 0.3%CVE-2026-5659MEDIUMpytries datrie trie File datrie.pyx Trie.__setstate__ deserializationEPSS 0.3%CVE-2025-11157HIGHArbitrary Code Execution in feast-dev/feastEPSS 0.3%CVE-2026-22612HIGHFickling vulnerable to detection bypass due to "builtins" blindnessEPSS 0.3%CVE-2025-14930HIGHHugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution VulnerabilityEPSS 0.3%