Weaknesses of type CWE-502

2,215 results
CVE-2016-8653 (MEDIUM, EPSS 1.9%): It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could
CVE-2022-31604 (CRITICAL, EPSS 1.9%): NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pi
CVE-2022-31605 (CRITICAL, EPSS 1.9%): NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.
CVE-2026-32184 (HIGH, EPSS 1.9%): Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability
CVE-2026-32192 (HIGH, EPSS 1.9%): Azure Monitor Agent Elevation of Privilege Vulnerability
CVE-2025-55232 (CRITICAL, EPSS 1.9%): Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
CVE-2023-26464 (HIGH, EPSS 1.9%): Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender
CVE-2022-3357 (HIGH, EPSS 1.9%): Smart Slider 3 < 3.5.1.11 - PHP Object Injection
CVE-2022-0573 (HIGH, EPSS 1.9%): JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Es
CVE-2022-23734 (HIGH, EPSS 1.9%): Deserialization of Untrusted Data vulnerability in GitHub Enterprise Server leading to Remote Code Execution
CVE-2021-35196 (HIGH, EPSS 1.9%): Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because th
CVE-2019-10135 (HIGH, EPSS 1.9%): A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load() function
CVE-2024-34515 (HIGH, EPSS 1.9%): image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists().
CVE-2025-32434 (CRITICAL, EPSS 1.9%): PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
CVE-2023-41330 (CRITICAL, EPSS 1.9%): Unsafe deserialization in knplabs/knp-snappy
CVE-2022-45923 (HIGH, EPSS 1.9%): An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an
CVE-2021-23895 (CRITICAL, EPSS 1.9%): Authorized deserialization of untrusted data in McAfee DBSec
CVE-2021-1414 (MEDIUM, EPSS 1.9%): Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities
CVE-2020-5411 (EPSS 1.9%): Jackson Configuration Allows Code Execution with Unknown "Serialization Gadgets"
CVE-2023-50220 (HIGH, EPSS 1.8%): Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability