Flaws of type CWE-502
2,275 results

CVE-2025-48289 | CRITICAL | WordPress Kids Planet theme <= 2.2.14 - PHP Object Injection Vulnerability | EPSS 0.4%
CVE-2026-14265 | HIGH | RCE via Deserialization in AWS Advanced JDBC Wrapper | EPSS 0.4%
CVE-2025-51742 | CRITICAL | An issue was discovered in jishenghua JSH_ERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parame | EPSS 0.4%
CVE-2025-51744 | CRITICAL | An issue was discovered in jishenghua JSH_ERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks. | EPSS 0.4%
CVE-2025-51745 | CRITICAL | An issue was discovered in jishenghua JSH_ERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks. | EPSS 0.4%
CVE-2025-51743 | CRITICAL | An issue was discovered in jishenghua JSH_ERP 2.3.1. The /materialCategory/addMaterialCategory endpoint is vulnerable to fastjson deserializ | EPSS 0.4%
CVE-2025-51746 | CRITICAL | An issue was discovered in jishenghua JSH_ERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization at | EPSS 0.4%
CVE-2026-44843 | HIGH | LangChain: Unsafe deserialization of attacker-controlled LangChain objects through overly broad `load()` allowlists | EPSS 0.4%
CVE-2025-43713 | MEDIUM | ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that | EPSS 0.4%
CVE-2023-35815 | LOW | DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data. | EPSS 0.4%
CVE-2024-31308 | MEDIUM | WordPress WP Import Export Lite & WP Import Export plugin <= 3.9.26 - PHP Object Injection vulnerability | EPSS 0.4%
CVE-2025-69371 | CRITICAL | WordPress KindlyCare theme <= 1.6.1 - PHP Object Injection vulnerability | EPSS 0.4%
CVE-2023-35814 | LOW | DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms. | EPSS 0.4%
CVE-2025-69372 | CRITICAL | WordPress SevenHills theme <= 1.6.2 - PHP Object Injection vulnerability | EPSS 0.4%
CVE-2026-12481 | HIGH | Deserialization of Untrusted Data in keras-team/keras | EPSS 0.4%
CVE-2025-4905 | MEDIUM | iop-apl-uw basestation3 QC.py load_qc_pickl deserialization | EPSS 0.4%
CVE-2026-7301 | CRITICAL | CVE-2026-7301 | EPSS 0.4%
CVE-2025-61140 | CRITICAL | The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution. | EPSS 0.4%
CVE-2025-13467 | MEDIUM | Org.keycloak.storage.ldap: keycloak: deserialization of untrusted data in ldap user federation | EPSS 0.4%
CVE-2025-7099 | MEDIUM | BoyunCMS Installation install2.php deserialization | EPSS 0.4%