Weaknesses of type CWE-502
2,257 results

CVE-2026-41486 | HIGH | Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization | EPSS 0.5%
CVE-2025-32571 | HIGH | WordPress TuriTop Booking System Plugin <= 1.0.10 - PHP Object Injection vulnerability | EPSS 0.5%
CVE-2025-47683 | HIGH | WordPress WP Maintenance plugin <= 6.1.9.7 - PHP Object Injection Vulnerability | EPSS 0.5%
CVE-2026-31235 | CRITICAL | The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py mo | EPSS 0.5%
CVE-2026-24164 | HIGH | NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerabi | EPSS 0.5%
CVE-2025-24601 | CRITICAL | WordPress FundPress plugin <= 2.0.6 - PHP Object Injection vulnerability | EPSS 0.5%
CVE-2025-62008 | HIGH | WordPress Product Table For WooCommerce plugin <= 1.2.4 - PHP Object Injection vulnerability | EPSS 0.5%
CVE-2025-9188 | HIGH | Deserialization of Untrusted Data when parsing a DSB file with Digilent DASYLab | EPSS 0.5%
CVE-2026-44126 | CRITICAL | Insecure deserialization | EPSS 0.5%
CVE-2025-3413 | MEDIUM | opplus springboot-admin SysGeneratorController.java code deserialization | EPSS 0.5%
CVE-2025-49127 | HIGH | Kafbat UI vulnerable to Remote Code Execution by JMX in Metrices Configuration | EPSS 0.5%
CVE-2025-1113 | MEDIUM | taisan tarzan-cms Add Theme admin#themes upload deserialization | EPSS 0.5%
CVE-2026-4851 | CRITICAL | GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization | EPSS 0.5%
CVE-2026-8135 | HIGH | Concrete CMS 9.5.0 and below is vulnerable to RCE due to insecure deserialization occurring in the ExpressEntryList block controller. | EPSS 0.5%
CVE-2026-9330 | HIGH | IBM WebSphere Application Server is affected by remote code execution | EPSS 0.5%
CVE-2025-49890 | CRITICAL | WordPress Organic Beauty Theme <= 1.4.6 - PHP Object Injection Vulnerability | EPSS 0.5%
CVE-2026-22333 | HIGH | WordPress YITH WooCommerce Compare plugin <= 3.6.0 - Deserialization of untrusted data vulnerability | EPSS 0.5%
CVE-2026-29109 | HIGH | SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing | EPSS 0.5%
CVE-2025-6464 | HIGH | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion | EPSS 0.5%
CVE-2024-47836 | LOW | Admidio vulnerable to HTML Injection In The Messages Section | EPSS 0.5%