Weaknesses of type CWE-502
2,283 resultsCVE-2026-24245HIGHNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful explEPSS 0.2%CVE-2026-24244HIGHNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful explEPSS 0.2%CVE-2024-54678HIGHA vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All vEPSS 0.2%CVE-2025-33212HIGHNVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a useEPSS 0.2%CVE-2025-46738MEDIUMDeserialization of Untrusted DataEPSS 0.2%CVE-2025-61677LOWDataChain: Deserialization of Untrusted Data from Environment VariablesEPSS 0.1%CVE-2024-0047MEDIUMIn writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This couldEPSS 0.1%CVE-2026-38950HIGHAn issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected componeEPSS 0.1%CVE-2025-55136MEDIUMERC (aka Emotion Recognition in Conversation) through 0.3 has insecure deserialization via a serialized object because jsonpickle is used.EPSS 0.1%CVE-2025-70560HIGHBoltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to EPSS 0.1%CVE-2026-10721HIGHConcrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search componentsEPSS 0.1%CVE-2026-44501MEDIUMDataHub OIDC REDIRECT_URL Cookie Deserialization VulnerabilityEPSS 0.1%CVE-2026-12191HIGHComma AI Openpilot Pickle modeld.py pickle.loads deserializationEPSS 0.1%CVE-2025-48018HIGHDeserialization of Untrusted DataEPSS 0.1%CVE-2026-7818HIGHpgAdmin 4: Unsafe deserialization (CWE-502) in file-backed session manager leads to remote code executionEPSS 0.1%CVE-2026-25551HIGHSeagull Software BarTender Deserialization Privilege Escalation via .NET Remoting ServiceEPSS 0.1%CVE-2025-41700HIGHCODESYS Development System - Deserialization of Untrusted DataEPSS 0.1%CVE-2026-34993MEDIUMAIOHTTP Vulnerable to Deserialization of Untrusted DataEPSS 0.1%CVE-2026-8612MEDIUMWWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code executionEPSS 0.1%CVE-2024-39673MEDIUMVulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affeEPSS 0.1%