Weaknesses of type CWE-502

2,283 results
CVE-2024-10013HIGHProgress UI for WinForms format provider unsafe deserialization vulnerabilityEPSS 0.2%CVE-2025-70559MEDIUMpdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python picklEPSS 0.2%CVE-2026-5473LOWNASA cFS Pickle pickle.load deserializationEPSS 0.2%CVE-2025-13081MEDIUMDrupal core - Moderately critical - Gadget chain - SA-CORE-2025-006EPSS 0.2%CVE-2026-26208HIGHADB Explorer Vulnerable to Remote Code Execution via Insecure DeserializationEPSS 0.2%CVE-2026-31250HIGHCosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in EPSS 0.2%CVE-2025-15222LOWDromara Sa-Token SaSerializerTemplateForJdkUseBase64.java ObjectInputStream.readObject deserializationEPSS 0.2%CVE-2025-14606LOWtiny-rdm Tiny RDM Pickle Decoding pickle_convert.go pickle.loads deserializationEPSS 0.2%CVE-2025-33241HIGHNVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A EPSS 0.2%CVE-2023-32736HIGHA vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16EPSS 0.2%CVE-2024-49849HIGHA vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16EPSS 0.2%CVE-2026-31253HIGHThe flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains an insecure deserializatioEPSS 0.2%CVE-2024-34274LOWOpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies bdglobals and bdclient_spot of the OpenBD softEPSS 0.2%CVE-2026-49740MEDIUMTYPO3 CMS - Insecure Deserialization in Core APIEPSS 0.2%CVE-2026-1323MEDIUMInsecure Deserialization in extension "Mailqueue" (mailqueue)EPSS 0.2%CVE-2025-33243HIGHNVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successfulEPSS 0.2%CVE-2023-32735HIGHA vulnerability has been identified in SIMATIC STEP 7 Safety V16 (All versions < V16 Update 7), SIMATIC STEP 7 Safety V17 (All versions < V1EPSS 0.2%CVE-2026-24141HIGHNVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONNX quantization feature, where a user could cause unsafe deseEPSS 0.2%CVE-2026-31249HIGHCosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in EPSS 0.2%CVE-2026-24152HIGHNVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciouEPSS 0.2%