Falhas do tipo CWE-502
2.257 resultadosCVE-2024-34433MEDIUMWordPress One Click Demo Import plugin <=3.2.0 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2025-71371HIGHpicklescan - Remote Code Execution via code.InteractiveInterpreter Detection BypassEPSS 0.5%CVE-2026-1691MEDIUMbolo-solo SnakeYAML BackupService.java importMarkdownsSync deserializationEPSS 0.5%CVE-2026-31238CRITICALThe Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model serving component. When starting a model sEPSS 0.5%CVE-2025-57622CRITICALAn issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loads(requeEPSS 0.5%CVE-2023-52206HIGHWordPress Page Builder: Live Composer Plugin <= 1.5.25 is vulnerable to PHP Object InjectionEPSS 0.5%CVE-2024-57764CRITICALMSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add.EPSS 0.5%CVE-2024-50416HIGHWordPress WPC Shop as a Customer for WooCommerce plugin <= 1.2.6 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2024-57763CRITICALMSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField.EPSS 0.5%CVE-2024-57762HIGHMSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file.EPSS 0.5%CVE-2024-57766CRITICALMSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField.EPSS 0.5%CVE-2024-50408HIGHWordPress Namaste! LMS plugin <= 2.6.3 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2023-46147HIGHWordPress Themify Ultra Theme <= 7.3.5 is vulnerable to PHP Object InjectionEPSS 0.5%CVE-2024-32600HIGHWordPress Master Slider plugin <= 3.9.5 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2023-40555HIGHWordPress Flatsome Theme <= 3.17.5 is vulnerable to PHP Object InjectionEPSS 0.5%CVE-2024-49222CRITICALWordPress WPGuppy plugin <= 1.1.0 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2024-49226HIGHWordPress TAKETIN To WP Membership plugin <= 2.8.17 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2026-41731HIGHIn Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserializationEPSS 0.5%CVE-2025-47582CRITICALWordPress WPBot Pro Wordpress Chatbot <= 12.7.0 - PHP Object Injection VulnerabilityEPSS 0.5%CVE-2026-47161HIGHRELATE Vulnerable to Remote Code Execution (RCE) via Insecure Celery Pickle DeserializationEPSS 0.5%