CWE-502 flaws

2,273 results
CVE-2026-31239 | CRITICAL | The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from Huggi | EPSS 0.4%
CVE-2025-5552 | MEDIUM | ChestnutCMS API Endpoint exec deserialization | EPSS 0.4%
CVE-2026-8751 | MEDIUM | h2oai h2o-3 JAR Model.java importBinaryModel deserialization | EPSS 0.4%
CVE-2025-58998 | CRITICAL | WordPress s2Member Plugin <= 250701 - PHP Object Injection Vulnerability | EPSS 0.4%
CVE-2025-48289 | CRITICAL | WordPress Kids Planet theme <= 2.2.14 - PHP Object Injection Vulnerability | EPSS 0.4%
CVE-2025-39410 | CRITICAL | WordPress Smart Sections Theme Builder - WPBakery Page Builder Addon plugin <= 1.7.8 - PHP Object Injection vulnerability | EPSS 0.4%
CVE-2024-34072 | HIGH | Deserialization of Untrusted Data in sagemaker-python-sdk | EPSS 0.4%
CVE-2025-39588 | CRITICAL | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.4.0 - Deserialization of untrusted data Vulnerability | EPSS 0.4%
CVE-2025-49073 | CRITICAL | WordPress Sweet Dessert < 1.1.13 - PHP Object Injection Vulnerability | EPSS 0.4%
CVE-2025-39550 | CRITICAL | WordPress FluentCommunity plugin <= 1.2.15 - PHP Object Injection Vulnerability | EPSS 0.4%
CVE-2026-14265 | HIGH | RCE via Deserialization in AWS Advanced JDBC Wrapper | EPSS 0.4%
CVE-2025-51744 | CRITICAL | An issue was discovered in jishenghua JSH_ERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks. | EPSS 0.4%
CVE-2025-51742 | CRITICAL | An issue was discovered in jishenghua JSH_ERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parame | EPSS 0.4%
CVE-2025-51743 | CRITICAL | An issue was discovered in jishenghua JSH_ERP 2.3.1. The /materialCategory/addMaterialCategory endpoint is vulnerable to fastjson deserializ | EPSS 0.4%
CVE-2025-51746 | CRITICAL | An issue was discovered in jishenghua JSH_ERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization at | EPSS 0.4%
CVE-2025-51745 | CRITICAL | An issue was discovered in jishenghua JSH_ERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks. | EPSS 0.4%
CVE-2026-44843 | HIGH | LangChain: Unsafe deserialization of attacker-controlled LangChain objects through overly broad `load()` allowlists | EPSS 0.4%
CVE-2025-43713 | MEDIUM | ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that | EPSS 0.4%
CVE-2023-35815 | LOW | DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data. | EPSS 0.4%
CVE-2024-31308 | MEDIUM | WordPress WP Import Export Lite & WP Import Export plugin <= 3.9.26 - PHP Object Injection vulnerability | EPSS 0.4%