Falhas do tipo CWE-502

2.283 resultados
CVE-2026-32511MEDIUMWordPress Stål theme < 1.7 - Arbitrary Object Instantiation vulnerabilityEPSS 0.2%CVE-2026-32508MEDIUMWordPress Halstein theme < 1.8 - Arbitrary Object Instantiation vulnerabilityEPSS 0.2%CVE-2026-32506MEDIUMWordPress Archicon theme < 1.7 - Arbitrary Object Instantiation vulnerabilityEPSS 0.2%CVE-2026-24240HIGHNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful explEPSS 0.2%CVE-2026-0859MEDIUMTYPO3 CMS Allows Insecure Deserialization via Mailer File SpoolEPSS 0.2%CVE-2025-4393MEDIUMMedtronic MyCareLink Patient Monitor Deserialization VulnerabilityEPSS 0.2%CVE-2025-48535HIGHIn assertSafeToStartCustomActivity of AppRestrictionsFragment.java , there is a possible way to exploit a parcel mismatch resulting in a lauEPSS 0.2%CVE-2025-5148MEDIUMFunAudioLLM InspireMusic Pickle Data model.py load_state_dict deserializationEPSS 0.2%CVE-2025-20275MEDIUMCisco Unified Contact Center Express Editor Remote Code Execution VulnerabilityEPSS 0.2%CVE-2025-4740MEDIUMBeamCtrl Airiana coef deserializationEPSS 0.2%CVE-2025-4742MEDIUMXU-YIJIE grpo-flat grpo_vanilla.py main deserializationEPSS 0.2%CVE-2025-31935MEDIUMSubnet Solutions PowerSYSTEM Center Deserialization of Untrusted DataEPSS 0.2%CVE-2025-4701MEDIUMVITA-MLLM Freeze-Omni utils.py torch.load deserializationEPSS 0.2%CVE-2026-24228HIGHNVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploitEPSS 0.2%CVE-2026-2626HIGHDivi Booster < 5.0.2 - Unauthenticated PHP Object InjectionEPSS 0.2%CVE-2026-24250HIGHNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful EPSS 0.2%CVE-2026-24251HIGHNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resourcEPSS 0.2%CVE-2025-41701HIGHBeckhoff: Deserialization of untrusted data by TwinCAT 3 EngineeringEPSS 0.2%CVE-2024-10382HIGHArbitrary Code execution in Car App Android Jetpack LibraryEPSS 0.2%CVE-2026-3071HIGHDeserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to arbitrary code executiEPSS 0.2%