Falhas do tipo CWE-502

2.276 resultados
CVE-2025-64266HIGHWordPress Booking and Rental Manager plugin <= 2.5.4 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2025-60082HIGHWordPress PDF for WPForms plugin <= 6.5.0 - Deserialization of untrusted data vulnerabilityEPSS 0.4%CVE-2025-58643HIGHWordPress LTL Freight Quotes – Daylight Edition Plugin <= 2.2.7 - PHP Object Injection VulnerabilityEPSS 0.4%CVE-2025-58642HIGHWordPress LTL Freight Quotes – Day & Ross Edition Plugin <= 2.1.11 - PHP Object Injection VulnerabilityEPSS 0.4%CVE-2025-58218HIGHWordPress Small Package Quotes – USPS Edition Plugin <= 1.3.9 - PHP Object Injection VulnerabilityEPSS 0.4%CVE-2025-58644HIGHWordPress LTL Freight Quotes - TQL Edition Plugin <= 1.2.6 - PHP Object Injection VulnerabilityEPSS 0.4%CVE-2026-23544HIGHWordPress Valenti theme <= 5.6.3.5 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2026-45034CRITICALPhpSpreadsheet: File::prohibitWrappers bypassEPSS 0.4%CVE-2025-53560HIGHWordPress Noisa theme <= 2.6.0 - PHP Object Injection VulnerabilityEPSS 0.3%CVE-2026-1839MEDIUMArbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformersEPSS 0.3%CVE-2024-47092HIGHInsecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-apiEPSS 0.3%CVE-2025-53303HIGHWordPress ThemeMove Core Plugin <= 1.4.2 - PHP Object Injection VulnerabilityEPSS 0.3%CVE-2025-49869HIGHWordPress Eventin Plugin <= 4.0.31 - PHP Object Injection VulnerabilityEPSS 0.3%CVE-2025-59713MEDIUMSnipe-IT before 8.1.18 allows unsafe deserialization.EPSS 0.3%CVE-2026-41732HIGHIn Spring for Apache Pulsar, overly broad trusted-package matching in header mapper exposes JDK classes to deserializationEPSS 0.3%CVE-2026-22608HIGHFickling vulnerable to use of ctypes and pydoc gadget chain to bypass detectionEPSS 0.3%CVE-2024-29040MEDIUMFapi Verify Quote: Does not detect if quote was not generated by TPMEPSS 0.3%CVE-2025-34449MEDIUMGenymobile/scrcpy <= 3.3.3 Global Buffer OverflowEPSS 0.3%CVE-2025-13913MEDIUMInductive Automation Ignition Software Deserialization of Untrusted DataEPSS 0.3%CVE-2026-22346HIGHWordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.5.4 - PHP Object Injection vulnerabilityEPSS 0.3%