CWE-502 vulnerabilities

2,257 results
CVE | Severity | Description | EPSS
CVE-2024-23512 | HIGH | WordPress ProductX – Gutenberg WooCommerce Blocks Plugin <= 3.1.4 is vulnerable to PHP Object Injection | 0.5%
CVE-2024-23513 | HIGH | WordPress PropertyHive Plugin <= 2.0.5 is vulnerable to PHP Object Injection | 0.5%
CVE-2023-27531 | MEDIUM | There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code | 0.5%
CVE-2024-49684 | HIGH | WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.21 - PHP Object Injection vulnerability | 0.5%
CVE-2022-47599 | MEDIUM | WordPress File Manager Plugin <= 5.2.7 is vulnerable to PHP Object Injection | 0.5%
CVE-2026-39006 | CRITICAL | An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component. | 0.5%
CVE-2025-3857 | HIGH | Infinite loop condition in Amazon.IonDotnet | 0.5%
CVE-2025-60039 | CRITICAL | WordPress Noisa theme <= 2.6.0 - PHP Object Injection vulnerability | 0.5%
CVE-2026-41957 | HIGH | BIG-IP and BIG-IQ Configuration utility vulnerability | 0.5%
CVE-2024-49625 | CRITICAL | WordPress SiteBuilder Dynamic Components plugin <= 1.0 - PHP Object Injection vulnerability | 0.5%
CVE-2024-48026 | CRITICAL | WordPress Disc Golf Manager plugin <= 1.0.0 - PHP Object Injection vulnerability | 0.5%
CVE-2024-49318 | CRITICAL | WordPress My Reading Library plugin <= 1.0 - PHP Object Injection vulnerability | 0.5%
CVE-2024-48030 | CRITICAL | WordPress Telecash Ricaricaweb plugin <= 2.2 - PHP Object Injection vulnerability | 0.5%
CVE-2024-48028 | CRITICAL | WordPress IP Loc8 plugin <= 1.1 - PHP Object Injection vulnerability | 0.5%
CVE-2024-52432 | CRITICAL | WordPress NIX Anti-Spam Light plugin <= 0.0.4 - PHP Object Injection vulnerability | 0.5%
CVE-2025-5497 | MEDIUM | slackero phpwcms Feedimport processing.inc.php deserialization | 0.5%
CVE-2025-60237 | CRITICAL | WordPress Finag theme <= 1.5.0 - PHP Object Injection vulnerability | 0.5%
CVE-2025-22526 | CRITICAL | WordPress PHP/MySQL CPU performance statistics Plugin <= 1.2.1 - PHP Object Injection vulnerability | 0.5%
CVE-2025-29310 | CRITICAL | An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerabilit | 0.5%
CVE-2022-3536 | HIGH | Role Based Pricing for WooCommerce < 1.6.3 - Subscriber+ PHAR Deserialization | 0.5%