Falhas do tipo CWE-502

2.282 resultados
CVE-2026-40756HIGHWordPress Zoya theme <= 1.4 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2026-40754HIGHWordPress Roisin theme <= 1.4 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2026-40757HIGHWordPress Château theme <= 1.2.1 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2025-23254HIGHNVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by locaEPSS 0.2%CVE-2025-63617MEDIUMktg-mes before commit a484f96 (2025-07-03) has a fastjson deserialization vulnerability. This is because it uses a vulnerable version of fasEPSS 0.2%CVE-2025-71358HIGHpicklescan - Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entityEPSS 0.2%CVE-2024-8316HIGHProgress UI for WPF format provider unsafe deserialization vulnerabilityEPSS 0.2%CVE-2025-24794MEDIUMThe Snowflake Connector for Python uses insecure deserialization of the OCSP response cacheEPSS 0.2%CVE-2026-48517MEDIUMMessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic argumentsEPSS 0.2%CVE-2026-10538HIGHImproper deserialization handling in Control-M ComponentsEPSS 0.2%CVE-2026-42521MEDIUMJenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specifiEPSS 0.2%CVE-2024-34751MEDIUMWordPress Order Export & Order Import for WooCommerce plugin <= 2.4.9 - PHP Object Injection vulnerabilityEPSS 0.2%CVE-2022-29615SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The apEPSS 0.2%CVE-2023-46674MEDIUMElasticsearch-hadoop Unsafe DeserializationEPSS 0.2%CVE-2024-45857HIGHDeserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl fEPSS 0.2%CVE-2026-8735MEDIUMOinone Pamirs appConfigQuery PamirsParserConfig.java JsonUtils.parseMap deserializationEPSS 0.2%CVE-2026-12787MEDIUMzhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 testConnection Endpoint deserializationEPSS 0.2%CVE-2026-3967MEDIUMAlfresco Activiti Process Variable Serialization System SerializableType.java createObjectInputStream deserializationEPSS 0.2%CVE-2026-4538MEDIUMPyTorch pt2 Loading deserializationEPSS 0.2%CVE-2024-37064HIGHDeseriliazation of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciouslEPSS 0.2%