Weaknesses of type CWE-502
2,276 resultsCVE-2025-54053MEDIUMWordPress Groundhogg plugin <= 4.2.2 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2025-60828MEDIUMWukongCRM-9.0-JAVA was discovered to contain a fastjson deserialization vulnerability via the /OaExamine/setOaExamine interface.EPSS 0.3%CVE-2025-60830MEDIUMredragon-erp v1.0 was discovered to contain a Shiro deserialization vulnerability caused by the default Shiro key.EPSS 0.3%CVE-2024-13288MEDIUMMonster Menus - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-052EPSS 0.3%CVE-2024-12677HIGHDelta Electronics DTM Soft Deserialization of Untrusted DataEPSS 0.3%CVE-2025-64353HIGHWordPress Polylang plugin <= 3.7.3 - Deserialization of untrusted data vulnerabilityEPSS 0.3%CVE-2024-4606MEDIUMWordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder plugin <= 2.0.3 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2026-1184MEDIUMDeserialization of Untrusted Data in GitLabEPSS 0.3%CVE-2025-68853HIGHWordPress Contact Manager plugin <= 9.1.1 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2025-15276HIGHFontForge SFD File Parsing Deserialization of Untrusted Data Remote Code Execution VulnerabilityEPSS 0.3%CVE-2026-14534HIGHFickling check_safety() bypass via unlisted standard library modules (_posixsubprocess, site, atexit)EPSS 0.3%CVE-2026-1462HIGHSafe Mode Bypass in keras-team/kerasEPSS 0.3%CVE-2025-15579CRITICALAn Insecure Deserialization vulnerability has been discovered in OpenText™ Directory Services.EPSS 0.3%CVE-2024-9005HIGHCWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be
remotely executed on the server when unsafely deEPSS 0.3%CVE-2026-55153HIGHmchange-commons-java contains elements susceptible to abuse via JNDI injection and "deserialization gadgets"EPSS 0.3%CVE-2025-61505MEDIUMe107 CMS thru 2.3.3 are vulnerable to insecure deserialization in the `install.php` script. The script processes user-controlled input in thEPSS 0.3%CVE-2022-33316HIGHDeserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics DigiEPSS 0.3%CVE-2022-33315HIGHDeserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics DigiEPSS 0.3%CVE-2026-27096HIGHWordPress ColorFolio - Freelance Designer WordPress Theme theme <= 1.3 - Deserialization of untrusted data vulnerabilityEPSS 0.3%CVE-2024-32876HIGHNewPipe has potential security vulnerability when importing settingsEPSS 0.3%