Weaknesses of type CWE-502

2,215 results
CVE-2020-36182 [HIGH] FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.to (EPSS 5.0%)
CVE-2023-36439 [HIGH] Microsoft Exchange Server Remote Code Execution Vulnerability (EPSS 4.9%)
CVE-2019-18580 [CRITICAL] Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauth (EPSS 4.9%)
CVE-2024-23052 [CRITICAL] An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() funct (EPSS 4.9%)
CVE-2023-23638 [MEDIUM] Apache Dubbo Deserialization Vulnerability Gadgets Bypass (EPSS 4.8%)
CVE-2021-39149 [HIGH] XStream is vulnerable to an Arbitrary Code Execution attack (EPSS 4.8%)
CVE-2021-39154 [HIGH] XStream is vulnerable to an Arbitrary Code Execution attack (EPSS 4.8%)
CVE-2021-39148 [HIGH] XStream is vulnerable to an Arbitrary Code Execution attack (EPSS 4.8%)
CVE-2021-39151 [HIGH] XStream is vulnerable to an Arbitrary Code Execution attack (EPSS 4.8%)
CVE-2021-39147 [HIGH] XStream is vulnerable to an Arbitrary Code Execution attack (EPSS 4.8%)
CVE-2026-27971 [CRITICAL] Qwik affected by unauthenticated RCE via server$ Deserialization (EPSS 4.6%)
CVE-2017-17406 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authenticati (EPSS 4.6%)
CVE-2020-9493 Java deserialization in Chainsaw (EPSS 4.6%)
CVE-2024-43466 [MEDIUM] Microsoft SharePoint Server Denial of Service Vulnerability (EPSS 4.5%)
CVE-2021-39153 [HIGH] XStream is vulnerable to an Arbitrary Code Execution attack (EPSS 4.5%)
CVE-2021-39139 [HIGH] XStream is vulnerable to an Arbitrary Code Execution attack (EPSS 4.5%)
CVE-2021-42550 [MEDIUM] RCE from attacker with configuration edit privileges through JNDI lookup (EPSS 4.4%)
CVE-2020-14061 [HIGH] FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQ (EPSS 4.4%)
CVE-2020-5413 Kryo Configuration Allows Code Execution with Unknown "Serialization Gadgets" (EPSS 4.4%)
CVE-2024-44902 [CRITICAL] A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. (EPSS 4.3%)