Weaknesses of type CWE-502

2,257 results
CVE-2024-31094HIGHWordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - PHP Object Injection vulnerabilityEPSS 0.6%CVE-2026-27685CRITICALInsecure Deserialization in SAP NetWeaver Enterprise Portal AdministrationEPSS 0.6%CVE-2025-30761MEDIUMVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versionsEPSS 0.6%CVE-2024-30230HIGHWordPress PDF Invoices and Packing Slips For WooCommerce plugin <= 1.3.7 - PHP Object Injection vulnerabilityEPSS 0.6%CVE-2026-42359HIGHApache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validatorEPSS 0.5%CVE-2025-66571CRITICALUNA CMS 9.0.0-RC1 - 14.0.0-RC4 PHP Object InjectionEPSS 0.5%CVE-2025-0855CRITICALPGS Core <= 5.8.0 - Unauthenticated PHP Object InjectionEPSS 0.5%CVE-2025-67617CRITICALWordPress Consult Aid theme <= 1.4.3 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2023-51700MEDIUMWP-Mobile-BankID-Integration WordPress Database Deserialization: Potential for Object InjectionEPSS 0.5%CVE-2026-33337HIGHFirebird has a buffer overflow when parsing corrupted slice packetsEPSS 0.5%CVE-2026-7858CRITICALDeserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026xEPSS 0.5%CVE-2024-47636CRITICALWordPress WP JobSearch plugin <= 2.5.9 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2024-52439CRITICALWordPress Team Rosters plugin <= 4.8.2 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2025-33214HIGHNVIDIA NVTabular for Linux contains a vulnerability in the Workflow component, where a user could cause a deserialization issue. A successfuEPSS 0.5%CVE-2025-33213HIGHNVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issueEPSS 0.5%CVE-2025-60214CRITICALWordPress Goldenblatt theme < 1.3.0 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2025-60225CRITICALWordPress BugsPatrol theme <= 1.5.0 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2024-52443CRITICALWordPress Geolocator plugin <= 1.1 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2026-6023HIGHDeserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAXEPSS 0.5%CVE-2025-33210CRITICALNVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this vulnerability might lead to code execution.EPSS 0.5%