Falhas do tipo CWE-502

2.283 resultados
CVE-2026-23685MEDIUMInsecure Deserialization vulnerability in SAP NetWeaver (JMS service)EPSS 0.1%CVE-2024-8375MEDIUMObject deserialization in Reverb leading to RCEEPSS 0.1%CVE-2026-10566MEDIUMFoundationAgents MetaGPT schema.py Message.check_instruct_content deserializationEPSS 0.1%CVE-2026-0895MEDIUMInsecure Deserialization in extension "Mailqueue" (mailqueue)EPSS 0.1%CVE-2024-43080HIGHIn onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to EPSS 0.1%CVE-2026-14723MEDIUMAD-Security AD_Miner Cache analyse_cache.py request_a deserializationEPSS 0.1%CVE-2024-8885HIGHA local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writinEPSS 0.1%CVE-2025-8747HIGHKeras safe_mode bypass allows arbitrary code execution when loading a malicious model.EPSS 0.1%CVE-2022-32601HIGHIn telephony, there is a possible permission bypass due to a parcel format mismatch. This could lead to local escalation of privilege with nEPSS 0.1%CVE-2025-7433HIGHA local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrarEPSS 0.1%CVE-2025-54620MEDIUMDeserialization vulnerability of untrusted data in the ability module. Impact: Successful exploitation of this vulnerability may affect avaiEPSS 0.1%CVE-2025-54640MEDIUMParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control EPSS 0.1%CVE-2025-54639MEDIUMParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control EPSS 0.1%CVE-2025-32312HIGHIn createIntentsList of PackageParser.java , there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed toEPSS 0.1%CVE-2018-9474HIGHIn writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. This coulEPSS 0.1%CVE-2025-54638MEDIUMIssue of inconsistent read/write serialization in the ad module. Impact: Successful exploitation of this vulnerability may affect the availaEPSS 0.1%CVE-2026-43867CRITICALApache Camel: Camel-PQC: The AWS Secrets Manager key-lifecycle manager deserializes persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilterEPSS CVE-2026-42527HIGHApache Camel: Permissive default ObjectInputFilter pattern admits java.net.** and enables DNS-based information disclosureEPSS CVE-2026-46590HIGHApache Camel: Camel-PQC: The HashiCorp Vault and AWS Secrets Manager key-lifecycle managers deserialize persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter (incomplete remediation of CVE-2026-40048)EPSS CVE-2026-43825HIGHApache OpenNLP :: Core :: ML :: LibSVM: Unsafe Java Deserialization in SvmDoccatModelEPSS