Falhas do tipo CWE-502
2.257 resultadosCVE-2026-25615HIGHBlesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668.EPSS 0.5%CVE-2021-21371MEDIUMExecution of untrusted code through config fileEPSS 0.5%CVE-2025-12099HIGHAcademy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.3.8 - Authenticated (Administrator+) PHP Object Injection via 'import_all_courses'EPSS 0.5%CVE-2026-41409CRITICALApache MINA: CWE-502 Deserialization of Untrusted DataEPSS 0.5%CVE-2021-37678CRITICALArbitrary code execution due to YAML deserializationEPSS 0.5%CVE-2026-7566MEDIUMLearnPress – Backup & Migration Tool <= 4.1.4 - Authenticated (Administrator+) PHP Object Injection via WXR XML File UploadEPSS 0.4%CVE-2025-31422HIGHWordPress Visual Art | Gallery WordPress Theme <= 2.4 - PHP Object Injection VulnerabilityEPSS 0.4%CVE-2025-54012HIGHWordPress Welcart e-Commerce Plugin <= 2.11.16 - PHP Object Injection VulnerabilityEPSS 0.4%CVE-2025-59007CRITICALWordPress TF Woo Product Grid Addon For Elementor Plugin <= 1.0.1 - Deserialization of untrusted data VulnerabilityEPSS 0.4%CVE-2024-7576HIGHProgress UI for WPF format provider unsafe deserialization vulnerabilityEPSS 0.4%CVE-2024-22460LOWDell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privilegEPSS 0.4%CVE-2026-21665HIGHThe Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) in unsupported version 2021.2.4 (build 4.7.31EPSS 0.4%CVE-2026-39499HIGHWordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.19 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2025-61765MEDIUMpython-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deploymentsEPSS 0.4%CVE-2026-39472HIGHWordPress WooCommerce PDF Invoices & Packing Slips plugin < 5.9.0 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2026-39481HIGHWordPress Modula Image Gallery plugin <= 2.14.18 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2026-39471HIGHWordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2026-39434HIGHWordPress CTX Feed plugin <= 6.6.26 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2022-33320HIGHDeserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics DigiEPSS 0.4%CVE-2024-49688CRITICALWordPress ARPrice plugin <= 4.1.3 - Unauthenticated PHP Object Injection vulnerabilityEPSS 0.4%