Weaknesses of type CWE-502

2,215 results
CVE-2022-43019 (CRITICAL): OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality. EPSS 1.8%
CVE-2021-24857: ToTop Link <= 1.7.1 - Unauthenticated PHP Object Injection. EPSS 1.8%
CVE-2024-11039 (HIGH): Deserialization of Untrusted Data in binary-husky/gpt_academic. EPSS 1.8%
CVE-2021-37181: A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), EPSS 1.8%
CVE-2022-40609 (HIGH): IBM SDK, Java Technology Edition code execution. EPSS 1.8%
CVE-2020-15172 (HIGH): Remote Code Execution in Act module. EPSS 1.8%
CVE-2021-25642: Apache Hadoop YARN remote code execution in ZKConfigurationStore of capacity scheduler. EPSS 1.8%
CVE-2023-35317 (HIGH): Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability. EPSS 1.8%
CVE-2023-46817 (CRITICAL): An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized befo EPSS 1.8%
CVE-2022-21549 (MEDIUM): Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions EPSS 1.8%
CVE-2025-24919 (HIGH): Dell ControlVault3/ControlVault3 Plus deserialization of untrusted input vulnerability. EPSS 1.8%
CVE-2019-11286 (CRITICAL): JMX Credential Deserialization in GemFire. EPSS 1.8%
CVE-2022-3360 (HIGH): LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API. EPSS 1.8%
CVE-2023-39476 (CRITICAL): Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. EPSS 1.8%
CVE-2021-21869 (HIGH): An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Dev EPSS 1.8%
CVE-2022-2444 (HIGH): Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization. EPSS 1.8%
CVE-2026-42471 (HIGH): Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) calls unserialize() on EPSS 1.8%
CVE-2023-39410: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK. EPSS 1.8%
CVE-2023-21713 (HIGH): Microsoft SQL Server Remote Code Execution Vulnerability. EPSS 1.8%
CVE-2020-7385 (HIGH): Metasploit Framework 'drb_remote_codeexec' code execution. EPSS 1.8%