Fallos del tipo CWE-502

2275 resultados
CVE-2025-58815HIGHWordPress Aitasi Coming Soon Plugin <= 2.0.2 - Deserialization of untrusted data VulnerabilityEPSS 0.4%CVE-2025-58839HIGHWordPress eDS Responsive Menu Plugin <= 1.2 - PHP Object Injection VulnerabilityEPSS 0.4%CVE-2025-47536HIGHWordPress Content Egg plugin <= 7.0.0 - PHP Object Injection VulnerabilityEPSS 0.4%CVE-2025-5679MEDIUMShenzhen Dashi Tongzhou Information Technology AgileBPM SysToolsController.java parseStrByFreeMarker deserializationEPSS 0.4%CVE-2026-25923HIGHPhar Deserialization leading to Arbitrary File Deletion in my little forumEPSS 0.4%CVE-2025-66524HIGHApache NiFi: Deserialization of Untrusted Data in GetAsanaObject ProcessorEPSS 0.4%CVE-2025-47771HIGHPowSyBl Core allows deserialization of untrusted SparseMatrix dataEPSS 0.4%CVE-2025-0767MEDIUMWP Activity Log 5.3.2 - Insecure deserializationEPSS 0.4%CVE-2026-50589MEDIUMIn OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JEPSS 0.4%CVE-2025-5680MEDIUMShenzhen Dashi Tongzhou Information Technology AgileBPM Groovy Script SysScriptController.java executeScript deserializationEPSS 0.4%CVE-2025-47784MEDIUMEmlog vulnerable to Deserialization of Untrusted DataEPSS 0.4%CVE-2025-48287CRITICALWordPress Pix 4x sem juros - Pagaleve plugin <= 1.6.9 - PHP Object Injection VulnerabilityEPSS 0.4%CVE-2025-47568CRITICALWordPress ZoomSounds plugin <= 6.91 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2025-39551CRITICALWordPress FluentBoards plugin <= 1.47 - PHP Object Injection VulnerabilityEPSS 0.4%CVE-2025-27130MEDIUMWelcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is exploited,EPSS 0.4%CVE-2026-41699HIGHUnsafe Deserialization in Spring GraphQLEPSS 0.4%CVE-2026-39478HIGHWordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.87 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2026-39474HIGHWordPress Post Duplicator plugin <= 3.0.10 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2025-71342HIGHpicklescan - Undetected Remote Code Execution via idlelib.run.Executive.runcodeEPSS 0.4%CVE-2026-4860MEDIUM648540858 wvp-GB28181-pro API Endpoint RedisTemplateConfig.java GenericFastJsonRedisSerializer deserializationEPSS 0.4%