Fallos del tipo CWE-502

2275 resultados
CVE-2026-4860MEDIUM648540858 wvp-GB28181-pro API Endpoint RedisTemplateConfig.java GenericFastJsonRedisSerializer deserializationEPSS 0.4%CVE-2025-71345HIGHpicklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_autograd_profEPSS 0.4%CVE-2026-56057CRITICALWordPress Uncanny Automator Pro plugin <= 7.3.0.6 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2025-5114MEDIUMeasysoft zentaopms Editor index.php edit deserializationEPSS 0.4%CVE-2025-60229CRITICALWordPress Lagom theme <= 2.0 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2022-41958HIGHDeserialization Vulnerability by yaml config input in super-xrayEPSS 0.4%CVE-2024-56068HIGHWordPress WP SuperBackup plugin <= 2.3.3 - Subscriber+ PHP Object Injection vulnerabilityEPSS 0.4%CVE-2026-34877CRITICALAn issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or sEPSS 0.4%CVE-2025-60230CRITICALWordPress The Barber Shop theme <= 1.9 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2024-6441MEDIUMORIPA LoaderXML.java deserializationEPSS 0.4%CVE-2026-22606HIGHFickling has a bypass via runpy.run_path() and runpy.run_module()EPSS 0.4%CVE-2025-49386HIGHWordPress Preserve Code Formatting Plugin <= 4.0.1 - PHP Object Injection VulnerabilityEPSS 0.4%CVE-2025-26921HIGHWordPress Booking and Rental Manager Plugin <= 2.2.6 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2026-39467HIGHWordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2025-32658CRITICALWordPress HelpGent plugin <= 2.2.5 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2024-9953MEDIUMPotential DoS Vulnerability in CERT VINCE Software Before Version 3.0.8EPSS 0.4%CVE-2026-41862HIGHSpring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persisted state-machine contexts withoEPSS 0.4%CVE-2024-2229HIGH CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaEPSS 0.4%CVE-2024-1801HIGHProgress Telerik Reporting Local Deserialization VulnerabilityEPSS 0.4%CVE-2024-35780HIGHWordPress Page Builder: Live Composer plugin <= 1.5.42 - Contributor+ PHP Object Injection vulnerabilityEPSS 0.4%