CWE-502 vulnerabilities
2215 results

CVE-2020-10650 (HIGH, EPSS 3.3%): A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution
CVE-2025-3935 (HIGH, EPSS 3.3%, KEV): ScreenConnect Exposure to ASP.NET ViewState Code Injection
CVE-2024-22399 (CRITICAL, EPSS 3.3%): Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server
CVE-2024-47561 (CRITICAL, EPSS 3.3%): Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)
CVE-2021-21524 (CRITICAL, EPSS 3.2%): Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unaut
CVE-2021-41616 (CRITICAL, EPSS 3.2%): Apache ddlutils 1.0 readobject vulnerability
CVE-2023-47130 (HIGH, EPSS 3.1%): Unsafe deserialization of user data in yiisoft/yii
CVE-2023-39475 (CRITICAL, EPSS 3.1%): Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE-2023-28323 (CRITICAL, EPSS 3.1%): A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. Thi
CVE-2023-33134 (HIGH, EPSS 3.1%): Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-28991 (CRITICAL, EPSS 3.1%): SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution
CVE-2024-6525 (MEDIUM, EPSS 3.1%): D-Link DAR-7000 decodmail.php deserialization
CVE-2021-27460 (CRITICAL, EPSS 3.1%): Rockwell Automation FactoryTalk AssetCentre Deserialization of Untrusted Data
CVE-2018-10911 (MEDIUM, EPSS 3.1%): A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this fla
CVE-2024-52433 (CRITICAL, EPSS 3.1%): WordPress My Geo Posts Free plugin <= 1.2 - PHP Object Injection vulnerability
CVE-2025-25034 (CRITICAL, EPSS 3.0%): SugarCRM PHP Deserialization RCE
CVE-2020-10672 (HIGH, EPSS 3.0%): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.ar
CVE-2025-47732 (HIGH, EPSS 2.9%): Microsoft Dataverse Remote Code Execution Vulnerability
CVE-2021-32824 (CRITICAL, EPSS 2.9%): Regular expression Denial of Service in MooTools
CVE-2024-11393 (HIGH, EPSS 2.9%): Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability