Weaknesses of type CWE-502

2,257 results
CVE-2022-39008CRITICALThe NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-partyEPSS 0.5%CVE-2024-52440CRITICALWordPress Xpresslane Fast Checkout plugin <= 1.0.0 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2026-6023HIGHDeserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAXEPSS 0.5%CVE-2025-33210CRITICALNVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this vulnerability might lead to code execution.EPSS 0.5%CVE-2025-4260MEDIUMzhangyanbo2007 youkefu TemplateController.java impsave deserializationEPSS 0.5%CVE-2024-52443CRITICALWordPress Geolocator plugin <= 1.1 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2026-25524HIGHOpenMage LTS's Phar Deserialization leads to Remote Code ExecutionEPSS 0.5%CVE-2022-45845MEDIUMWordPress Smart Slider 3 Plugin <= 3.5.1.9 is vulnerable to PHP Object InjectionEPSS 0.5%CVE-2025-2485HIGHDrag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File DeletionEPSS 0.5%CVE-2024-49624CRITICALWordPress Advanced Advertising System plugin <= 1.3.1 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2024-6645MEDIUMWuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserializationEPSS 0.5%CVE-2025-23914CRITICALWordPress Muzaara Google Ads Report Plugin <= 3.1 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2025-62233MEDIUMApache DolphinScheduler: Deserialization of untrusted data in RPCEPSS 0.5%CVE-2022-32521HIGHA CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely EPSS 0.5%CVE-2024-1858MEDIUMLightbox slider – Responsive Lightbox Gallery <= 1.9.9 - Authenticated (Contributor+) PHP Object InjectionEPSS 0.5%CVE-2024-43242CRITICALWordPress Indeed Ultimate Membership Pro plugin <= 12.7 - Unauthenticated PHP Object Injection vulnerabilityEPSS 0.5%CVE-2024-11662MEDIUMwelliamcao OpsManage API Endpoint deploy_api.py deploy_host_vars deserializationEPSS 0.5%CVE-2026-12115MEDIUMCounter Box <= 2.0.13 - Authenticated (Administrator+) PHP Object Injection via ImportEPSS 0.5%CVE-2025-30160HIGHRedlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences FormEPSS 0.5%CVE-2026-27830HIGHc3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString propertyEPSS 0.5%