CWE-502 flaws

2206 results
CVE-2023-36039 [HIGH] Microsoft Exchange Server Spoofing Vulnerability (EPSS 73.0%)
CVE-2021-21345 [MEDIUM] XStream is vulnerable to a Remote Command Execution attack (EPSS 73.0%)
CVE-2020-5741 [HIGH] Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. (EPSS 72.9%, KEV)
CVE-2023-20864 [CRITICAL] VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware (EPSS 71.7%)
CVE-2022-26133 [CRITICAL] SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6 (EPSS 71.4%)
CVE-2022-38108 [HIGH] SolarWinds Platform Deserialization of Untrusted Data (EPSS 69.5%)
CVE-2021-35215 [HIGH] ActionPluginBaseView Deserialization of Untrusted Data RCE (EPSS 69.2%)
CVE-2019-17571 [CRITICAL] Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely exe (EPSS 69.1%)
CVE-2023-36757 [HIGH] Microsoft Exchange Server Spoofing Vulnerability (EPSS 68.6%)
CVE-2023-6933 [HIGH] Better Search Replace <= 1.4.4 - Unauthenticated PHP Object Injection (EPSS 68.0%)
CVE-2021-42127 A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execu (EPSS 68.0%)
CVE-2021-40865 Unsafe Pre-Authentication Deserialization In Workers (EPSS 65.6%)
CVE-2023-38204 [CRITICAL] Bypass APSB23-41 (CVE-2023-38203) - Pre-Auth RCE ColdFusion 2021 Update 8 (EPSS 65.5%)
CVE-2024-54676 [CRITICAL] Apache OpenMeetings: Deserialisation of untrusted data in cluster mode (EPSS 65.2%)
CVE-2023-44350 [CRITICAL] ColdFusion | Deserialization of Untrusted Data (CWE-502) (EPSS 64.6%)
CVE-2018-4939 [CRITICAL] Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untruste (EPSS 63.3%, KEV)
CVE-2021-42392 The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. (EPSS 63.2%)
CVE-2021-42130 A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Ser (EPSS 62.2%)
CVE-2023-21529 [HIGH] Microsoft Exchange Server Remote Code Execution Vulnerability (EPSS 62.1%, KEV)
CVE-2022-21445 [CRITICAL] Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported v (EPSS 62.0%, KEV)