Fallos del tipo CWE-502
2276 resultadosCVE-2025-50198HIGHChamilo: Deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parametersEPSS 0.3%CVE-2025-15351HIGHAnritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution VulnerabilityEPSS 0.3%CVE-2025-69002HIGHWordPress OneLife theme <= 3.9 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2025-15350HIGHAnritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution VulnerabilityEPSS 0.3%CVE-2026-24765HIGHPHPUnit Vulnerable to Unsafe Deserialization in PHPT Code Coverage HandlingEPSS 0.3%CVE-2026-10532LOWLogback deserialization whitelist bypass for Proxy objectsEPSS 0.3%CVE-2024-11839HIGHInsecure Deserialization via Runbooks ImportsEPSS 0.3%CVE-2026-40048HIGHApache Camel PQC: Unsafe Deserialization from FileBasedKeyLifecycleManagerEPSS 0.3%CVE-2025-54719HIGHWordPress Yogi - Health Beauty & Yoga Theme <= 2.9.2 - Deserialization of untrusted data VulnerabilityEPSS 0.3%CVE-2026-58025MEDIUMRemote Code Execution via Unsafe Deserialization in LogItem ImportEPSS 0.3%CVE-2026-12240HIGHExport User Data <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion via display_name FieldEPSS 0.3%CVE-2025-54742HIGHWordPress WpEvently Plugin <= 4.4.8 - PHP Object Injection VulnerabilityEPSS 0.3%CVE-2026-9497MEDIUMchangmingxie tcc-transaction Fastjson AutoType REST API Fastjson.parseObject deserializationEPSS 0.3%CVE-2025-71378HIGHpicklescan - Remote Code Execution via Undetected cProfile.runctx in Pickle FilesEPSS 0.3%CVE-2026-57677CRITICALWordPress Novalnet Payment Gateway for WooCommerce plugin <= 12.10.3 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2025-60834MEDIUMA fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input.EPSS 0.3%CVE-2025-11345MEDIUMILIAS Test Import unserialize deserializationEPSS 0.3%CVE-2026-57621CRITICALWordPress Booktics plugin <= 1.0.21 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2022-27579—A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and incEPSS 0.3%CVE-2022-27580—A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including EPSS 0.3%