CWE-502 vulnerabilities
2,206 results

| CVE | Severity | Description | EPSS | KEV |
|---|---|---|---|---|
| CVE-2018-15958 | CRITICAL | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untru | 25.9% | |
| CVE-2018-15965 | CRITICAL | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untru | 25.9% | |
| CVE-2018-15959 | CRITICAL | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untru | 25.9% | |
| CVE-2023-31222 | CRITICAL | Medtronic Paceart MSMQ Deserialization of Untrusted Data | 25.8% | |
| CVE-2022-47504 | HIGH | SolarWinds Platform Deserialization of Untrusted Data Vulnerability | 25.1% | |
| CVE-2023-28310 | HIGH | Microsoft Exchange Server Remote Code Execution Vulnerability | 25.0% | |
| CVE-2022-47503 | HIGH | SolarWinds Platform Deserialization of Untrusted Data Vulnerability | 24.4% | |
| CVE-2023-33299 | CRITICAL | A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attack | 24.3% | |
| CVE-2024-52046 | CRITICAL | Apache MINA: MINA applications using unbounded deserialization may allow RCE | 23.9% | |
| CVE-2023-25135 | CRITICAL | vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers dese | 23.9% | |
| CVE-2023-50252 | HIGH | php-svg-lib unsafe attributes merge when parsing `use` tag | 23.9% | |
| CVE-2024-27322 | HIGH | Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not includ | 23.6% | |
| CVE-2024-5016 | HIGH | WhatsUp Gold OnMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability | 22.4% | |
| CVE-2025-23006 | CRITICAL | Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and | 22.4% | KEV |
| CVE-2025-53772 | HIGH | Web Deploy Remote Code Execution Vulnerability | 22.3% | |
| CVE-2016-9498 | — | ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects | 22.0% | |
| CVE-2020-36179 | HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apac | 20.9% | |
| CVE-2020-10644 | — | The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 | 20.2% | |
| CVE-2017-11153 | — | Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers | 19.1% | |
| CVE-2025-67779 | HIGH | It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attac | 18.9% | |