CWE-502 vulnerabilities

2,215 results
CVE-2025-42944 | CRITICAL | Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4) | EPSS 2.9%
CVE-2017-15089 | | It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An a | EPSS 2.9%
CVE-2023-21744 | HIGH | Microsoft SharePoint Server Remote Code Execution Vulnerability | EPSS 2.8%
CVE-2021-27475 | HIGH | Rockwell Automation Connected Components Workbench Deserialization of Untrusted Data | EPSS 2.8%
CVE-2025-47994 | HIGH | Microsoft Office Elevation of Privilege Vulnerability | EPSS 2.8%
CVE-2026-45659 | HIGH | Microsoft SharePoint Remote Code Execution Vulnerability | EPSS 2.8%
CVE-2024-3300 | CRITICAL | Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024 | EPSS 2.8%
CVE-2023-28115 | CRITICAL | Snappy vulnerable to PHAR deserialization, allowing remote code execution | EPSS 2.8%
CVE-2023-21538 | HIGH | .NET Denial of Service Vulnerability | EPSS 2.7%
CVE-2024-31211 | MEDIUM | Remote Code Execution in `WP_HTML_Token` | EPSS 2.7%
CVE-2019-18316 | | A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access | EPSS 2.7%
CVE-2021-41110 | CRITICAL | CWL Viewer: deserialization of untrusted data can lead to complete takeover by an attacker | EPSS 2.7%
CVE-2020-15086 | CRITICAL | Potential Remote Code Execution in TYPO3 with mediace extension | EPSS 2.7%
CVE-2023-37895 | CRITICAL | Apache Jackrabbit RMI access can lead to RCE | EPSS 2.7%
CVE-2020-4043 | HIGH | Phar unserialization vulnerability in phpMussel | EPSS 2.6%
CVE-2023-30534 | MEDIUM | Insecure Deserialization in Cacti | EPSS 2.6%
CVE-2022-28684 | HIGH | This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to | EPSS 2.5%
CVE-2024-24590 | HIGH | Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a mali | EPSS 2.5%
CVE-2018-6331 | CRITICAL | Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it | EPSS 2.5%
CVE-2024-52577 | CRITICAL | Apache Ignite: Possible RCE when deserializing incoming messages by the server node | EPSS 2.4%