CWE-502 vulnerabilities
2,256 results

- CVE-2022-42919 (HIGH, EPSS 0.6%): Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python mu
- CVE-2025-58757 (HIGH, EPSS 0.6%): MONAI's unsafe use of Pickle deserialization may lead to RCE
- CVE-2026-31229 (CRITICAL, EPSS 0.6%): The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component'
- CVE-2024-4471 (HIGH, EPSS 0.6%): 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3.1 - Authenticated (Contributor+) PHP Object Injection
- CVE-2026-31237 (CRITICAL, EPSS 0.6%): The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its predict() method. When a user provides a da
- CVE-2025-2690 (MEDIUM, EPSS 0.6%): yiisoft Yii2 MockClass.php generate deserialization
- CVE-2025-48200 (CRITICAL, EPSS 0.6%): The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution.
- CVE-2024-30227 (CRITICAL, EPSS 0.6%): WordPress Geo Controller plugin <= 8.6.4 - PHP Object Injection vulnerability
- CVE-2023-25770 (CRITICAL, EPSS 0.6%): Controller stack overflow on decoding messages from the server
- CVE-2025-34394 (CRITICAL, EPSS 0.6%): Barracuda RMM < 2025.1.1 Service Center .NET Remoting Deserialization RCE
- CVE-2024-4838 (HIGH, EPSS 0.6%): ConvertPlus <= 3.5.26 - Authenticated (Contributor+) PHP Object Injection
- CVE-2026-24163 (HIGH, EPSS 0.6%): NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A success
- CVE-2025-53465 (HIGH, EPSS 0.6%): WordPress GSheets Connector Plugin <= 1.1.1 - PHP Object Injection Vulnerability
- CVE-2024-13777 (HIGH, EPSS 0.6%): ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated PHP Object Injection
- CVE-2026-33858 (HIGH, EPSS 0.6%): Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API
- CVE-2023-32513 (HIGH, EPSS 0.6%): WordPress GiveWP Plugin <= 2.25.3 is vulnerable to PHP Object Injection
- CVE-2025-59328 (MEDIUM, EPSS 0.6%): Apache Fory: Denial of Service (DoS) due to Deserialization of Untrusted malicious large Data
- CVE-2026-54806 (CRITICAL, EPSS 0.6%): WordPress WP Activity Log plugin <= 5.6.3.1 - PHP Object Injection vulnerability
- CVE-2024-4733 (HIGH, EPSS 0.6%): ShiftController Employee Shift Scheduling <= 4.9.57 - Authenticated (Contributor+) PHP Object Injection
- CVE-2024-45772 (MEDIUM, EPSS 0.6%): Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue