Fallos del tipo CWE-502

2257 resultados
CVE-2025-33255HIGHNVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successfuEPSS 0.6%CVE-2023-51414CRITICALWordPress EnvíaloSimple Plugin <= 2.1 is vulnerable to PHP Object InjectionEPSS 0.6%CVE-2026-35300CRITICALVulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1EPSS 0.6%CVE-2025-71349HIGHpicklescan - Arbitrary Code Execution via Undetected trace.Trace.run in Pickle FilesEPSS 0.6%CVE-2025-53606CRITICALApache Seata (incubating): Deserialization of untrusted Data in Apache Seata ServerEPSS 0.6%CVE-2025-0724HIGHProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object InjectionEPSS 0.6%CVE-2025-10771MEDIUMjeecgboot JimuReport DB2 JDBC testConnection deserializationEPSS 0.6%CVE-2025-14071HIGHLive Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output ShortcodeEPSS 0.6%CVE-2026-31218HIGHThe _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377fEPSS 0.6%CVE-2025-50004HIGHWordPress JupiterX Core plugin <= 4.10.1 - PHP Object Injection vulnerabilityEPSS 0.6%CVE-2026-31219HIGHThe _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377fEPSS 0.6%CVE-2024-28777HIGHIBM Cognos Controller code executionEPSS 0.6%CVE-2024-37099CRITICALWordPress GiveWP plugin <= 3.14.1 - Unauthenticated PHP Object Injection vulnerabilityEPSS 0.6%CVE-2025-26900CRITICALWordPress Flexmls® IDX Plugin Plugin <= 3.14.27 - PHP Object Injection vulnerabilityEPSS 0.6%CVE-2025-32283HIGHWordPress Solar Energy theme <= 3.5 - PHP Object Injection VulnerabilityEPSS 0.6%CVE-2020-10721A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When using a wildfly-swarm or thorntail custom configuration, a malicious YAMLEPSS 0.6%CVE-2025-2689MEDIUMyiisoft Yii2 SortableIterator.php getIterator deserializationEPSS 0.6%CVE-2026-27429CRITICALWordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerabilityEPSS 0.6%CVE-2025-66631HIGHCSLA .NET is vulnerable to Remote Code Execution via WcfProxyEPSS 0.6%CVE-2026-49286HIGHPhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)EPSS 0.6%