Weaknesses of type CWE-502
2,283 resultsCVE-2026-4538MEDIUMPyTorch pt2 Loading deserializationEPSS 0.2%CVE-2024-37062HIGHDeserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a malicouslyEPSS 0.2%CVE-2024-37065HIGHDeserialization of untrusted data can occur in versions 0.6 or newer of the skops python library, enabling a maliciously crafted model to ruEPSS 0.2%CVE-2025-15246MEDIUMaizuda snail-job API FurySerializer.deserialize deserializationEPSS 0.2%CVE-2025-67747HIGHFickling has missing detection for marshal.loads and types.FunctionType in unsafe modules listEPSS 0.2%CVE-2025-67748HIGHFickling has Code Injection vulnerability via pty.spawn()EPSS 0.2%CVE-2026-11860HIGHInsecure Deserialisation via Plaintext HTTP leading to Remote Code Execution in Quick.CMSEPSS 0.2%CVE-2026-0677MEDIUMWordPress TotalContest Lite plugin <= 2.9.1 - PHP Object Injection vulnerabilityEPSS 0.2%CVE-2026-48775MEDIUMLangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loadingEPSS 0.2%CVE-2025-46567MEDIUMLLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.pyEPSS 0.2%CVE-2025-48086MEDIUMWordPress Ajax Search Lite plugin <= 4.13.3 - PHP Object Injection vulnerabilityEPSS 0.2%CVE-2026-33233HIGHAutoGPT Platform: Remote Code Execution via Unsafe Pickle Deserialization of Redis Cache EntriesEPSS 0.2%CVE-2024-10012HIGHProgress UI for WPF format provider unsafe deserialization vulnerabilityEPSS 0.2%CVE-2025-63675MEDIUMcryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetriEPSS 0.2%CVE-2022-45147HIGHA vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versiEPSS 0.2%CVE-2025-60887MEDIUMAn issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking oEPSS 0.2%CVE-2025-9191MEDIUMHouzez <= 4.1.6 - Authenticated (Subscriber+) PHP Object Injection via Saved SearchEPSS 0.2%CVE-2026-7317LOWGrav CMS Cache Value FileCache.php doGet deserializationEPSS 0.2%CVE-2025-10252LOWSEAT Queue Ticket Kiosk Java RMI Registry deserializationEPSS 0.2%CVE-2026-5473LOWNASA cFS Pickle pickle.load deserializationEPSS 0.2%