CWE-502 flaws

2,206 results
- CVE-2025-34067 (CRITICAL, EPSS 18.7%): Hikvision Integrated Security Management Platform Remote Command Execution via applyCT Fastjson
- CVE-2025-56005 (CRITICAL, EPSS 18.6%): An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` paramet
- CVE-2023-1669 (HIGH, EPSS 18.5%): SEOPress < 6.5.0.3 - Admin+ PHP Object Injection
- CVE-2025-23120 (CRITICAL, EPSS 18.3%): A vulnerability allowing remote code execution (RCE) for domain users.
- CVE-2022-38142 (CRITICAL, EPSS 18.2%): Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway
- CVE-2025-30285 (HIGH, EPSS 18.2%): ColdFusion | Deserialization of Untrusted Data (CWE-502)
- CVE-2025-54897 (HIGH, EPSS 18.1%): Microsoft SharePoint Remote Code Execution Vulnerability
- CVE-2023-26359 (CRITICAL, EPSS 17.9%, KEV): Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution
- CVE-2024-10456 (CRITICAL, EPSS 17.7%): Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data
- CVE-2021-24040 (EPSS 17.4%): Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicio
- CVE-2022-28685 (HIGH, EPSS 17.2%): This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802
- CVE-2025-49712 (HIGH, EPSS 17.2%): Microsoft SharePoint Remote Code Execution Vulnerability
- CVE-2022-36964 (HIGH, EPSS 16.8%): SolarWinds Platform Deserialization of Untrusted Data
- CVE-2023-38181 (HIGH, EPSS 16.8%): Microsoft Exchange Server Spoofing Vulnerability
- CVE-2023-47207 (CRITICAL, EPSS 16.6%): Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data
- CVE-2025-20124 (CRITICAL, EPSS 16.3%): Cisco Identity Services Engine Java Deserialization Vulnerability
- CVE-2021-39141 (HIGH, EPSS 16.2%): XStream is vulnerable to an Arbitrary Code Execution attack
- CVE-2023-1347 (HIGH, EPSS 16.0%): Customizer Export/Import < 0.9.6 - Admin+ PHP Object Injection
- CVE-2022-1660 (CRITICAL, EPSS 16.0%): Keysight N6854A Geolocation server and N6841A RF Sensor software
- CVE-2017-0903 (EPSS 15.9%): RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem spe