CWE-502 flaws
2,206 results

CVE-2022-23302 | HIGH | Deserialization of untrusted data in JMSSink in Apache Log4j 1.x | EPSS 61.8%
CVE-2025-40553 | CRITICAL | SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability | EPSS 60.4%
CVE-2023-39473 | HIGH | Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability | EPSS 58.8%
CVE-2019-5434 | — | An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" para | EPSS 57.0%
CVE-2024-38094 | HIGH | Microsoft SharePoint Remote Code Execution Vulnerability | EPSS 55.3% | KEV
CVE-2023-50218 | HIGH | Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability | EPSS 55.0%
CVE-2023-50223 | HIGH | Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability | EPSS 54.9%
CVE-2024-38023 | HIGH | Microsoft SharePoint Server Remote Code Execution Vulnerability | EPSS 53.2%
CVE-2024-29847 | CRITICAL | Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenti | EPSS 52.9%
CVE-2021-24307 | — | All in One SEO Pack < 4.1.0.2 - Admin RCE via unserialize | EPSS 52.6%
CVE-2022-23307 | HIGH | A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution. | EPSS 52.5%
CVE-2024-38018 | HIGH | Microsoft SharePoint Server Remote Code Execution Vulnerability | EPSS 51.5%
CVE-2024-24725 | HIGH | Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the mod | EPSS 51.3%
CVE-2024-38024 | HIGH | Microsoft SharePoint Server Remote Code Execution Vulnerability | EPSS 50.8%
CVE-2023-44351 | CRITICAL | Adobe ColdFusion RCE Security Vulnerability | EPSS 50.2%
CVE-2021-21342 | MEDIUM | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host | EPSS 50.1%
CVE-2017-17485 | CRITICAL | FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix | EPSS 49.7%
CVE-2025-61622 | CRITICAL | Apache Fory, Apache Fory: Python RCE via unguarded pickle fallback serializer in pyfory | EPSS 49.5%
CVE-2024-23759 | CRITICAL | Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopf | EPSS 47.8%
CVE-2021-21349 | MEDIUM | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host | EPSS 47.8%