Weaknesses of type CWE-502

2,257 results
CVE-2026-23798HIGHWordPress PowerPress Podcasting plugin <= 11.15.10 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2024-45853HIGHDeserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhousEPSS 0.5%CVE-2024-45855HIGHDeserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhousEPSS 0.5%CVE-2024-45854HIGHDeserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhousEPSS 0.5%CVE-2026-7635HIGHcoreActivity: Activity Logging for WordPress <= 3.0 - Unauthenticated PHP Object Injection via 'user_agent' Log Meta FieldEPSS 0.5%CVE-2026-0726HIGHNexter Extension – Site Enhancements Toolkit <= 4.4.6 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace'EPSS 0.5%CVE-2023-36381MEDIUMWordPress Zippy Plugin <= 1.6.5 is vulnerable to PHP Object InjectionEPSS 0.5%CVE-2026-24186HIGHNVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sending a malicious FOBEPSS 0.5%CVE-2026-49105CRITICALWordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2026-9691CRITICALWordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2026-6009HIGHJaspersoft Library Deserialisation VulnerabilityEPSS 0.5%CVE-2026-49085CRITICALWordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2026-49104CRITICALWordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.2.1 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2026-27084CRITICALWordPress Buisson theme <= 1.1.11 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2026-35537LOWAn issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may leadEPSS 0.5%CVE-2025-31103HIGHUntrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the sEPSS 0.5%CVE-2025-31924HIGHWordPress Crafts & Arts theme <= 2.5 - PHP Object Injection VulnerabilityEPSS 0.5%CVE-2025-32686HIGHWordPress Team Members plugin <= 3.4.4 - PHP Object Injection VulnerabilityEPSS 0.5%CVE-2025-32284HIGHWordPress Pet World theme <= 2.8 - PHP Object Injection VulnerabilityEPSS 0.5%CVE-2026-41486HIGHRay: Remote Code Execution via Parquet Arrow Extension Type DeserializationEPSS 0.5%