CWE-502 vulnerabilities

2,258 results
CVE-2025-63721 | CRITICAL | HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API an | EPSS 0.4%
CVE-2026-32590 | HIGH | Mirror-registry: remote code execution using pickle deserialization | EPSS 0.4%
CVE-2025-5326 | MEDIUM | zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 verifyToken deserialization | EPSS 0.4%
CVE-2025-13712 | HIGH | Tencent HunyuanDiT merge Deserialization of Untrusted Data Remote Code Execution Vulnerability | EPSS 0.4%
CVE-2025-13707 | HIGH | Tencent HunyuanDiT model_resume Deserialization of Untrusted Data Remote Code Execution Vulnerability | EPSS 0.4%
CVE-2025-13711 | HIGH | Tencent TFace eval Deserialization of Untrusted Data Remote Code Execution Vulnerability | EPSS 0.4%
CVE-2025-13714 | HIGH | Tencent MedicalNet generate_model Deserialization of Untrusted Data Remote Code Execution Vulnerability | EPSS 0.4%
CVE-2025-13708 | HIGH | Tencent NeuralNLP-NeuralClassifier _load_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability | EPSS 0.4%
CVE-2025-13706 | HIGH | Tencent PatrickStar merge_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability | EPSS 0.4%
CVE-2025-13716 | HIGH | Tencent MimicMotion create_pipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability | EPSS 0.4%
CVE-2025-13709 | HIGH | Tencent TFace restore_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability | EPSS 0.4%
CVE-2025-11346 | MEDIUM | ILIAS Base64 Decoding unserialize deserialization | EPSS 0.4%
CVE-2025-13710 | HIGH | Tencent HunyuanVideo load_vae Deserialization of Untrusted Data Remote Code Execution Vulnerability | EPSS 0.4%
CVE-2025-30985 | CRITICAL | WordPress GNUCommerce plugin <= 1.5.4 - PHP Object Injection vulnerability | EPSS 0.4%
CVE-2024-56291 | HIGH | WordPress PlainInventory – Inventory Management Plugin Plugin <= 3.1.6 - PHP Object Injection vulnerability | EPSS 0.4%
CVE-2024-56283 | HIGH | WordPress Locatoraid Store Locator Plugin <= 3.9.50 - PHP Object Injection vulnerability | EPSS 0.4%
CVE-2026-41586 | CRITICAL | ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE | EPSS 0.4%
CVE-2026-31239 | CRITICAL | The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from Huggi | EPSS 0.4%
CVE-2025-53242 | CRITICAL | WordPress Seil Theme <= 1.7.1 - Deserialization of untrusted data Vulnerability | EPSS 0.4%
CVE-2026-8751 | MEDIUM | h2oai h2o-3 JAR Model.java importBinaryModel deserialization | EPSS 0.4%