Falhas do tipo CWE-502

2.255 resultados
CVE-2024-2694HIGHBetheme <= 27.5.6 - Authenticated (Contributor+) PHP Object InjectionEPSS 0.6%CVE-2024-6152HIGHFlipbox Builder <= 1.5 - Authenticated (Contributor+) PHP Object InjectionEPSS 0.6%CVE-2025-57919HIGHWordPress ConveyThis plugin <= 269.1 - PHP Object Injection vulnerabilityEPSS 0.6%CVE-2026-33942HIGHSaloon has insecure deserialization in AccessTokenAuthenticator (object injection / RCE)EPSS 0.6%CVE-2024-30229HIGHWordPress Give plugin <= 3.4.2 - PHP Object Injection vulnerabilityEPSS 0.6%CVE-2026-10042CRITICALmanga-image-translator RCE via Unsafe Pickle Deserialization in Share ModelEPSS 0.6%CVE-2023-43981CRITICALPresto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_foldeEPSS 0.6%CVE-2026-33728CRITICALdd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code executionEPSS 0.6%CVE-2023-51422CRITICALWordPress WebinarIgnition Plugin <= 3.05.0 is vulnerable to PHP Object InjectionEPSS 0.6%CVE-2025-2105HIGHJupiter X Core <= 4.8.11 - Unauthenticated PHP Object Injection via PHAREPSS 0.6%CVE-2023-52219CRITICALWordPress Gecka Terms Thumbnails Plugin <= 1.1 is vulnerable to PHP Object InjectionEPSS 0.6%CVE-2025-1186MEDIUMdayrui XunRuiCMS Api.php deserializationEPSS 0.6%CVE-2023-51470CRITICALWordPress Rencontre – Dating Site Plugin <= 3.11.1 is vulnerable to PHP Object InjectionEPSS 0.6%CVE-2026-33454CRITICALApache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant)EPSS 0.6%CVE-2024-7560HIGHNews Flash <= 1.1.0 - Authenticated (Editor+) PHP Object InjectionEPSS 0.6%CVE-2025-23249HIGHNVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A succEPSS 0.6%CVE-2024-7351HIGHSimple Job Board <= 2.12.3 - Authenticated (Editor+) PHP Object InjectionEPSS 0.6%CVE-2024-13899HIGHMambo Importer <= 1.0 - Authenticated (Administrator+) PHP Object InjectionEPSS 0.6%CVE-2025-48951CRITICALAuth0-PHP SDK Deserialization of Untrusted Data vulnerabilityEPSS 0.6%CVE-2025-26967HIGHWordPress Events Calendar for GeoDirectory plugin <= 2.3.14 - PHP Object Injection vulnerabilityEPSS 0.6%