Falhas do tipo CWE-502

2.283 resultados
CVE-2025-53393MEDIUMIn Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics.EPSS 0.2%CVE-2025-9906HIGHArbitrary Code execution in Keras Safe ModeEPSS 0.2%CVE-2025-9365HIGHFuji Electric FRENIC-Loader 4 Deserialization of Untrusted DataEPSS 0.2%CVE-2025-11739HIGHCWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges wheEPSS 0.2%CVE-2025-33226HIGHNVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A sEPSS 0.2%CVE-2025-30025MEDIUMThe communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalatioEPSS 0.2%CVE-2023-32737HIGHA vulnerability has been identified in SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2). Affected applications do not properly restriEPSS 0.2%CVE-2026-24243HIGHNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful explEPSS 0.2%CVE-2026-7888HIGHConcrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction.EPSS 0.2%CVE-2022-1984MEDIUMThis issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability in HYPR Workforce Access (WFA) before versiEPSS 0.2%CVE-2025-40759HIGHA vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP EPSS 0.2%CVE-2026-5507MEDIUMSession Cache Restore — Arbitrary Free via Deserialized PointerEPSS 0.2%CVE-2026-32509MEDIUMWordPress Gracey theme < 1.4 - Arbitrary Object Instantiation vulnerabilityEPSS 0.2%CVE-2026-24237HIGHNVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of EPSS 0.2%CVE-2026-24221HIGHNVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of EPSS 0.2%CVE-2025-2180MEDIUMCheckov by Prisma Cloud: Unsafe Deserialization of Terraform Files Allows Code ExecutionEPSS 0.2%CVE-2025-3677MEDIUMlm-sys fastchat apply_delta.py apply_delta_low_cpu_mem deserializationEPSS 0.2%CVE-2026-24247HIGHNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful explEPSS 0.2%CVE-2026-32511MEDIUMWordPress Stål theme < 1.7 - Arbitrary Object Instantiation vulnerabilityEPSS 0.2%CVE-2026-32506MEDIUMWordPress Archicon theme < 1.7 - Arbitrary Object Instantiation vulnerabilityEPSS 0.2%