Fallos del tipo CWE-502

2284 resultados
CVE-2023-20944HIGHIn run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to lEPSS 0.2%CVE-2025-5173MEDIUMHumanSignal label-studio-ml-backend PT File neural_nets.py load deserializationEPSS 0.2%CVE-2024-3467HIGHDeserialization of Untrusted Data in AVEVA PI Asset Framework ClientEPSS 0.2%CVE-2026-43867CRITICALApache Camel: Camel-PQC: The AWS Secrets Manager key-lifecycle manager deserializes persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilterEPSS 0.2%CVE-2025-33253HIGHNVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciouslEPSS 0.2%CVE-2025-53393MEDIUMIn Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics.EPSS 0.2%CVE-2025-11739HIGHCWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges wheEPSS 0.2%CVE-2025-9365HIGHFuji Electric FRENIC-Loader 4 Deserialization of Untrusted DataEPSS 0.2%CVE-2025-9906HIGHArbitrary Code execution in Keras Safe ModeEPSS 0.2%CVE-2025-33226HIGHNVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A sEPSS 0.2%CVE-2025-30025MEDIUMThe communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalatioEPSS 0.2%CVE-2023-32737HIGHA vulnerability has been identified in SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2). Affected applications do not properly restriEPSS 0.2%CVE-2026-24243HIGHNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful explEPSS 0.2%CVE-2026-7888HIGHConcrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction.EPSS 0.2%CVE-2026-43866HIGHApache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolderEPSS 0.2%CVE-2022-1984MEDIUMThis issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability in HYPR Workforce Access (WFA) before versiEPSS 0.2%CVE-2025-40759HIGHA vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP EPSS 0.2%CVE-2026-5507MEDIUMSession Cache Restore — Arbitrary Free via Deserialized PointerEPSS 0.2%CVE-2026-32509MEDIUMWordPress Gracey theme < 1.4 - Arbitrary Object Instantiation vulnerabilityEPSS 0.2%CVE-2026-24237HIGHNVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of EPSS 0.2%