CWE-502 vulnerabilities
2,197 results

CVE-2023-0669 | HIGH | Fortra GoAnywhere MFT License Response Servlet Command Injection | EPSS 100.0% | KEV
CVE-2021-44228 | CRITICAL | Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints | EPSS 100.0% | KEV
CVE-2021-35464 | CRITICAL | ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitatio | EPSS 100.0% | KEV
CVE-2023-29300 | CRITICAL | Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution | EPSS 100.0% | KEV
CVE-2025-53770 | CRITICAL | Microsoft SharePoint Server Remote Code Execution Vulnerability | EPSS 100.0% | KEV
CVE-2022-47986 | CRITICAL | IBM Aspera Faspex code execution | EPSS 100.0% | KEV
CVE-2022-41082 | HIGH | Microsoft Exchange Server Remote Code Execution Vulnerability | EPSS 100.0% | KEV
CVE-2025-59287 | CRITICAL | Windows Server Update Service (WSUS) Remote Code Execution Vulnerability | EPSS 100.0% | KEV
CVE-2025-24813 | CRITICAL | Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | EPSS 99.9% | KEV
CVE-2020-10189 | CRITICAL | Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage | EPSS 99.9% | KEV
CVE-2022-35405 | CRITICAL | Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This al | EPSS 99.9% | KEV
CVE-2020-7961 | CRITICAL | Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web ser | EPSS 99.8% | KEV
CVE-2019-18935 | CRITICAL | Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This | EPSS 99.7% | KEV
CVE-2017-1000353 | CRITICAL | Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthent | EPSS 99.7% | KEV
CVE-2023-27372 | CRITICAL | SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions ar | EPSS 99.7%
CVE-2023-46604 | CRITICAL | Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack | EPSS 99.7% | KEV
CVE-2025-10035 | CRITICAL | Deserialization Vulnerability in GoAnywhere MFT's License Servlet | EPSS 99.6% | KEV
CVE-2017-9805 | HIGH | The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStrea | EPSS 99.5% | KEV
CVE-2018-2628 | CRITICAL | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions th | EPSS 99.4% | KEV
CVE-2021-42237 | CRITICAL | Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achi | EPSS 99.2% | KEV