CWE-502 type flaws

2,206 results
CVE-2021-21350 | MEDIUM | XStream is vulnerable to an Arbitrary Code Execution attack | EPSS 15.6%
CVE-2026-25874 | CRITICAL | LeRobot Unsafe Deserialization Remote Code Execution via gRPC | EPSS 15.5%
CVE-2025-29793 | HIGH | Microsoft SharePoint Remote Code Execution Vulnerability | EPSS 15.5%
CVE-2021-43297 | Dubbo Hessian cause RCE when parse error | EPSS 15.3%
CVE-2022-36971 | CRITICAL | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although auth | EPSS 15.0%
CVE-2024-8069 | MEDIUM | Limited remote code execution with privilege of a NetworkService Account access | EPSS 14.7% | KEV
CVE-2024-4044 | HIGH | Deserialization of Untrusted Data Vulnerability in FlexLogger and InstrumentStudio | EPSS 14.7%
CVE-2021-21347 | MEDIUM | XStream is vulnerable to an Arbitrary Code Execution attack | EPSS 14.7%
CVE-2021-39146 | HIGH | XStream is vulnerable to an Arbitrary Code Execution attack | EPSS 14.4%
CVE-2023-47248 | PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file | EPSS 14.4%
CVE-2026-53435 | HIGH | In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in J | EPSS 14.3%
CVE-2021-21348 | MEDIUM | XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos) | EPSS 14.2%
CVE-2019-9875 | HIGH | Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code | EPSS 14.2% | KEV
CVE-2025-68664 | CRITICAL | LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs | EPSS 13.8%
CVE-2025-6507 | CRITICAL | Deserialization of Untrusted Data in h2oai/h2o-3 | EPSS 13.0%
CVE-2020-35728 | HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wl | EPSS 12.5%
CVE-2023-35388 | HIGH | Microsoft Exchange Server Remote Code Execution Vulnerability | EPSS 12.4%
CVE-2025-47166 | HIGH | Microsoft SharePoint Server Remote Code Execution Vulnerability | EPSS 12.3%
CVE-2022-36957 | HIGH | SolarWinds Platform Deserialization of Untrusted Data | EPSS 12.3%
CVE-2022-25647 | HIGH | Deserialization of Untrusted Data | EPSS 11.6%