Fallos del tipo CWE-502
2275 resultadosCVE-2026-39481HIGHWordPress Modula Image Gallery plugin <= 2.14.18 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2026-39471HIGHWordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2025-61765MEDIUMpython-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deploymentsEPSS 0.4%CVE-2026-39472HIGHWordPress WooCommerce PDF Invoices & Packing Slips plugin < 5.9.0 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2025-71347HIGHpicklescan - Undetected Remote Code Execution via numpy.f2py.crackfortran.param_evalEPSS 0.4%CVE-2025-71369HIGHpicklescan - Unsafe Deserialization via torch.utils.data.datapipes.utils.decoder.basichandlersEPSS 0.4%CVE-2025-71366HIGHpicklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_cprofileEPSS 0.4%CVE-2025-71367HIGHpicklescan - Remote Code Execution via _operator.attrgetter Detection BypassEPSS 0.4%CVE-2022-33320HIGHDeserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics DigiEPSS 0.4%CVE-2024-49688CRITICALWordPress ARPrice plugin <= 4.1.3 - Unauthenticated PHP Object Injection vulnerabilityEPSS 0.4%CVE-2024-43252CRITICALWordPress Crew HRM plugin <= 1.1.1 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2025-49331HIGHWordPress eCommerce Product Catalog plugin <= 3.4.3 - PHP Object Injection VulnerabilityEPSS 0.4%CVE-2026-22187MEDIUMBio-Formats <= 8.3.0 Memoizer Unsafe Deserialization via .bfmemo Cache FilesEPSS 0.4%CVE-2026-22607HIGHFickling Blocklist Bypass: cProfile.run()EPSS 0.4%CVE-2025-8963MEDIUMjeecgboot JimuReport Data Large Screen Template testConnection deserializationEPSS 0.4%CVE-2025-13145HIGHWP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV ImportEPSS 0.4%CVE-2024-5649MEDIUMUniversal Slider <= 1.6.5 - Authenticated (Contributor+) PHP Object InjectionEPSS 0.4%CVE-2025-63951HIGHAn insecure deserialization vulnerability exists in the rss-mp3.php script of the MiczFlor RPi-Jukebox-RFID project through commit 4b2334f0aEPSS 0.4%CVE-2025-63950HIGHAn insecure deserialization vulnerability exists in the download.php script of the to3k Twittodon application through commit b1c58a7d1dc664bEPSS 0.4%CVE-2025-58662HIGHWordPress Awesome Support plugin <= 6.3.5 - Deserialization of untrusted data vulnerabilityEPSS 0.4%