Weaknesses of type CWE-502

2,206 results
| CVE | Severity | Description | EPSS | KEV |
|---|---|---|---|---|
| CVE-2017-3199 | | GraniteDS, version 3.1.1.GA, Action Message Format (AMF3) Java implementation is vulnerable to insecure deserialization | 6.1% | |
| CVE-2024-4699 | MEDIUM | D-Link DAR-8000-10 importhtml.php deserialization | 6.1% | |
| CVE-2019-15271 | HIGH | Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Arbitrary Command Execution Vulnerability | 6.0% | KEV |
| CVE-2021-39140 | MEDIUM | XStream can cause a Denial of Service | 5.9% | |
| CVE-2020-11995 | | Apache Dubbo default deserialization protocol Hessian2 cause CRE | 5.8% | |
| CVE-2020-10917 | CRITICAL | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Authentication is | 5.6% | |
| CVE-2019-14892 | HIGH | A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization | 5.4% | |
| CVE-2019-18283 | | A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available w | 5.4% | |
| CVE-2017-3201 | | Flamingo amf-serializer by Exadel, version 2.2.0, Action Message Format (AMF3) Java implementation is vulnerable to insecure deserialization | 5.4% | |
| CVE-2024-12742 | HIGH | Deserialization of Untrusted Data Vulnerability in NI G Web Development Software | 5.4% | |
| CVE-2020-6967 | | In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagn | 5.4% | |
| CVE-2024-12029 | CRITICAL | Remote Code Execution via Model Deserialization in invoke-ai/invokeai | 5.3% | |
| CVE-2025-54920 | HIGH | Apache Spark: Spark History Server Code Execution Vulnerability | 5.3% | |
| CVE-2026-28277 | MEDIUM | LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading | 5.2% | |
| CVE-2019-10202 | HIGH | A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE- | 5.2% | |
| CVE-2023-33160 | HIGH | Microsoft SharePoint Server Remote Code Execution Vulnerability | 5.2% | |
| CVE-2020-15188 | CRITICAL | Unauthenticated Remote Code Execution in SOY CMS | 5.1% | |
| CVE-2020-36180 | HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.co | 5.0% | |
| CVE-2020-36181 | HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.to | 5.0% | |
| CVE-2020-36182 | HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.to | 5.0% | |