Weaknesses of type CWE-502

2,256 results
CVE-2025-5499 (MEDIUM, EPSS 0.6%): slackero phpwcms image_resized.php getimagesize deserialization
CVE-2025-69690 (CRITICAL, EPSS 0.6%): Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the
CVE-2025-26999 (HIGH, EPSS 0.6%): WordPress ProfileGrid Plugin <= 5.9.4.3 - PHP Object Injection vulnerability
CVE-2024-12687 (HIGH, EPSS 0.6%): Insecure YAML Deserialization
CVE-2024-29136 (HIGH, EPSS 0.6%): WordPress Tourfic plugin <= 2.11.17 - PHP Object Injection vulnerability
CVE-2023-37390 (HIGH, EPSS 0.6%): WordPress Themesflat Addons For Elementor Plugin <= 2.0.0 is vulnerable to PHP Object Injection
CVE-2026-40901 (HIGH, EPSS 0.6%): DataEase: Quartz Deserialization → Remote Code Execution
CVE-2026-34615 (CRITICAL, EPSS 0.6%): Adobe Connect | Deserialization of Untrusted Data (CWE-502)
CVE-2025-31084 (CRITICAL, EPSS 0.6%): WordPress Sunshine Photo Cart plugin <= 3.4.10 - PHP Object Injection Vulnerability
CVE-2022-4815 (HIGH, EPSS 0.6%): Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data
CVE-2025-31612 (CRITICAL, EPSS 0.6%): WordPress CBX Poll plugin <= 2.0.4 - PHP Object Injection vulnerability
CVE-2023-52182 (CRITICAL, EPSS 0.6%): WordPress ARI Stream Quiz Plugin <= 1.3.0 is vulnerable to PHP Object Injection
CVE-2024-48033 (CRITICAL, EPSS 0.6%): WordPress Talkback plugin <= 1.0 - PHP Object Injection vulnerability
CVE-2024-11501 (HIGH, EPSS 0.6%): Gallery <= 1.3 - Authenticated (Contributor+) PHP Object Injection
CVE-2022-3568 (HIGH, EPSS 0.6%): ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to PHAR Deserialization
CVE-2025-27816 (CRITICAL, EPSS 0.6%): A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting endpoint can be exploited due to the insecur
CVE-2025-71321 (CRITICAL, EPSS 0.6%): picklescan - Arbitrary File Writing via distutils Module Bypass
CVE-2024-5724 (HIGH, EPSS 0.6%): Photo Video Gallery Master <= 1.5.3 - Authenticated (Contributor+) PHP Object Injection
CVE-2024-13824 (CRITICAL, EPSS 0.6%): CiyaShop - Multipurpose WooCommerce Theme <= 4.19.0 - Unauthenticated PHP Object Injection
CVE-2024-7486 (HIGH, EPSS 0.6%): MultiPurpose <= 1.2.0 - Authenticated (Contributor+) PHP Object Injection