Weaknesses of type CWE-502

2,206 results
CVE-2021-39152 | HIGH | A Server-Side Forgery Request vulnerability in XStream via HashMap unmarshaling | EPSS 11.4%
CVE-2022-1118 | HIGH | Rockwell Automation ISaGRAF Deserialization of Untrusted Data | EPSS 11.4%
CVE-2025-42999 | CRITICAL | Insecure Deserialization in SAP NetWeaver (Visual Composer development server) | EPSS 11.2% | KEV
CVE-2023-38182 | HIGH | Microsoft Exchange Server Remote Code Execution Vulnerability | EPSS 11.1%
CVE-2019-12814 | MEDIUM | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally o | EPSS 11.0%
CVE-2024-28074 | CRITICAL | SolarWinds Access Rights Manager (ARM) Internal Deserialization Remote Code Execution Vulnerability | EPSS 10.9%
CVE-2025-47163 | HIGH | Microsoft SharePoint Server Remote Code Execution Vulnerability | EPSS 10.7%
CVE-2026-33439 | CRITICAL | Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM | EPSS 10.5%
CVE-2020-36184 | HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.to | EPSS 10.4%
CVE-2020-17531 | - | Deserialization flaw in EOL Tapestry 4. | EPSS 9.7%
CVE-2022-24082 | CRITICAL | If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filter | EPSS 9.5%
CVE-2025-64408 | MEDIUM | Apache Causeway: Java deserialization vulnerability to authenticated attackers | EPSS 9.4%
CVE-2026-25769 | CRITICAL | Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization | EPSS 9.2%
CVE-2021-40720 | CRITICAL | Ops CLI Deserialization of Untrusted Data leads to Arbitrary Code Execution | EPSS 9.2%
CVE-2024-13163 | HIGH | Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allow | EPSS 9.2%
CVE-2024-9917 | MEDIUM | HuangDou UTCMS template_creat.php deserialization | EPSS 8.7%
CVE-2022-41966 | HIGH | XStream Denial of Service via stack overflow | EPSS 8.7%
CVE-2022-34668 | CRITICAL | NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivile | EPSS 8.2%
CVE-2021-24579 | - | Bold Page Builder < 3.1.6 - PHP Object Injection | EPSS 8.2%
CVE-2017-3207 | - | WebORB for Java by Midnight Coders, version 5.1.1.0, Action Message Format (AMF3) Java implementation is vulnerable to insecure deserialization | EPSS 8.2%