Vulnerabilities of type CWE-502

2,258 results
| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2024-9953 | MEDIUM | Potential DoS Vulnerability in CERT VINCE Software Before Version 3.0.8 | 0.4% |
| CVE-2025-32658 | CRITICAL | WordPress HelpGent plugin <= 2.2.5 - PHP Object Injection vulnerability | 0.4% |
| CVE-2024-2229 | HIGH | CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loa | 0.4% |
| CVE-2026-41862 | HIGH | Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persisted state-machine contexts witho | 0.4% |
| CVE-2024-35780 | HIGH | WordPress Page Builder: Live Composer plugin <= 1.5.42 - Contributor+ PHP Object Injection vulnerability | 0.4% |
| CVE-2024-1801 | HIGH | Progress Telerik Reporting Local Deserialization Vulnerability | 0.4% |
| CVE-2023-7032 | HIGH | A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain | 0.4% |
| CVE-2025-52737 | HIGH | WordPress WP Store Locator plugin <= 2.2.260 - PHP Object Injection vulnerability | 0.4% |
| CVE-2025-3250 | MEDIUM | elunez eladmin Maintenance Management Module testConnect deserialization | 0.4% |
| CVE-2021-27240 | HIGH | This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker | 0.4% |
| CVE-2025-0974 | LOW | MaxD Lightning Module deserialization | 0.4% |
| CVE-2025-30889 | HIGH | WordPress Testimonial Slider plugin <= 2.0.13 - PHP Object Injection vulnerability | 0.4% |
| CVE-2025-32145 | HIGH | WordPress WpEvently plugin <= 4.3.6 - PHP Object Injection vulnerability | 0.4% |
| CVE-2024-56068 | HIGH | WordPress WP SuperBackup plugin <= 2.3.3 - Subscriber+ PHP Object Injection vulnerability | 0.4% |
| CVE-2026-2020 | HIGH | JS Archive List <= 6.1.7 - Authenticated (Contributor+) PHP Object Injection via 'included' Shortcode Attribute | 0.4% |
| CVE-2025-5498 | MEDIUM | slackero phpwcms Custom Source Tab cnt21.readform.inc.php is_file deserialization | 0.4% |
| CVE-2024-3468 | HIGH | Deserialization of Untrusted Data in AVEVA PI Web API | 0.4% |
| CVE-2025-13713 | HIGH | Tencent Hunyuan3D-1 load_pretrained Deserialization of Untrusted Data Remote Code Execution Vulnerability | 0.4% |
| CVE-2026-42211 | HIGH | React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE | 0.4% |
| CVE-2026-24162 | HIGH | NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A succe | 0.4% |