Weaknesses of type CWE-502
2,250 results

CVE-2024-0960 | MEDIUM | flink-extended ai-flow workflow_command.py cloudpickle.loads deserialization | EPSS 0.7%
CVE-2026-34084 | CRITICAL | PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFactory::load | EPSS 0.7%
CVE-2024-13889 | HIGH | WordPress Importer <= 0.8.3 - Authenticated (Administrator+) PHP Object Injection | EPSS 0.7%
CVE-2026-40858 | HIGH | Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository | EPSS 0.7%
CVE-2025-59285 | HIGH | Azure Monitor Agent Elevation of Privilege Vulnerability | EPSS 0.7%
CVE-2026-52751 | HIGH | Ghidra < 12.1 - Remote Code Execution via Unfiltered RMI Deserialization in Shared Project Connection | EPSS 0.7%
CVE-2025-49655 | CRITICAL | Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabl | EPSS 0.7%
CVE-2024-52413 | CRITICAL | WordPress Airin Blog theme <= 1.6.1 - PHP Object Injection vulnerability | EPSS 0.7%
CVE-2021-32828 | MEDIUM | Regular expression Denial of Service in MooTools | EPSS 0.7%
CVE-2024-12600 | HIGH | Custom Product Tabs Lite for WooCommerce <= 1.9.0 - Authenticated (Shop Manager+) PHP Object Injection | EPSS 0.7%
CVE-2024-7435 | HIGH | Attire <= 2.0.6 - Authenticated (Contributor+) PHP Object Injection | EPSS 0.7%
CVE-2020-7811 | MEDIUM | Samsung Update Local Privilege Escalation Vulnerability | EPSS 0.7%
CVE-2023-24971 | HIGH | IBM B2B Advanced Communication denial of service | EPSS 0.7%
CVE-2025-23932 | CRITICAL | WordPress Quick Count Plugin <= 3.00 - PHP Object Injection vulnerability | EPSS 0.7%
CVE-2025-2332 | CRITICAL | Export All Posts, Products, Orders, Refunds & Users <= 2.13 - Unauthenticated PHP Object Injection | EPSS 0.7%
CVE-2024-13410 | CRITICAL | CozyStay <= 1.7.0 and TinySalt <= 3.9.0 - Unauthenticated PHP Object Injection in ajax_handler | EPSS 0.7%
CVE-2026-26210 | CRITICAL | KTransformers Unsafe Deserialization RCE via balance_serve | EPSS 0.7%
CVE-2025-30012 | CRITICAL | Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit) | EPSS 0.7%
CVE-2026-22016 | HIGH | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). | EPSS 0.7%
CVE-2025-62373 | CRITICAL | Pipecat vulnerable to Remote Code Execution by Pickle Deserialization via LivekitFrameSerializer | EPSS 0.7%