Weaknesses of type CWE-502
2,206 results

CVE-2022-36944 CRITICAL
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in con
EPSS 8.2%

CVE-2025-42928 CRITICAL
Deserialization Vulnerability in SAP jConnect - SDK for ASE
EPSS 8.0%

CVE-2025-61810 HIGH
ColdFusion | Deserialization of Untrusted Data (CWE-502)
EPSS 8.0%

CVE-2025-36038 CRITICAL
IBM WebSphere Application Server code execution
EPSS 8.0%

CVE-2020-10673 HIGH
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.co
EPSS 8.0%

CVE-2023-21710 HIGH
Microsoft Exchange Server Remote Code Execution Vulnerability
EPSS 7.9%

CVE-2021-20190 HIGH
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The hig
EPSS 7.5%

CVE-2023-29234 —
Bypass serialize checks in Apache Dubbo
EPSS 7.4%

CVE-2022-36978 CRITICAL
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although auth
EPSS 7.3%

CVE-2025-57773 HIGH
Dataease DB2 Aspectweaver Deserialization Arbitrary File Write Vulnerability
EPSS 7.3%

CVE-2021-33026 CRITICAL
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local pr
EPSS 7.3%

CVE-2022-47507 HIGH
SolarWinds Platform Deserialization of Untrusted Data Vulnerability
EPSS 7.2%

CVE-2019-0344 CRITICAL
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possi
EPSS 7.1% KEV

CVE-2024-11392 HIGH
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability
EPSS 6.9%

CVE-2022-36977 CRITICAL
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although auth
EPSS 6.7%

CVE-2024-55555 HIGH
Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_KEY. This is exacerb
EPSS 6.5%

CVE-2023-27978 HIGH
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious pa
EPSS 6.5%

CVE-2017-3203 —
Pivotal/Spring Spring-flex's Action Message Format (AMF3) Java implementation is vulnerable to insecure deserialization
EPSS 6.3%

CVE-2017-2608 HIGH
Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types i
EPSS 6.3%

CVE-2020-11113 HIGH
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.op
EPSS 6.3%