Weaknesses of type CWE-502
2,215 results

CVE-2023-6654 [MEDIUM] PHPEMS Session Data session.cls.php deserialization [EPSS 1.7%]
CVE-2024-56058 [CRITICAL] WordPress VRPConnector plugin <= 2.0.1 - PHP Object Injection vulnerability [EPSS 1.7%]
CVE-2022-41137 [HIGH] Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore [EPSS 1.7%]
CVE-2021-36336 [CRITICAL] Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execu [EPSS 1.7%]
CVE-2021-21867 [HIGH] An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODES [EPSS 1.6%]
CVE-2025-29953 [CRITICAL] Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass [EPSS 1.6%]
CVE-2024-8502 [CRITICAL] Remote Code Execution via Deserialization in modelscope/agentscope [EPSS 1.6%]
CVE-2020-36727 [CRITICAL] Newsletter Manager <= 1.5.1 - Insecure Deserialization [EPSS 1.6%]
CVE-2022-29875 [—] A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, [EPSS 1.6%]
CVE-2024-49063 [HIGH] Microsoft/Muzic Remote Code Execution Vulnerability [EPSS 1.6%]
CVE-2021-1415 [MEDIUM] Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities [EPSS 1.6%]
CVE-2021-1413 [MEDIUM] Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities [EPSS 1.6%]
CVE-2021-21868 [HIGH] An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS [EPSS 1.6%]
CVE-2021-33420 [CRITICAL] A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializabl [EPSS 1.6%]
CVE-2022-41875 [CRITICAL] Remote Code Execution in Optica [EPSS 1.6%]
CVE-2025-30284 [HIGH] ColdFusion | Deserialization of Untrusted Data (CWE-502) [EPSS 1.6%]
CVE-2025-7384 [CRITICAL] Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion [EPSS 1.6%]
CVE-2021-29508 [CRITICAL] Insecure deserialization in Wire [EPSS 1.6%]
CVE-2025-8875 [CRITICAL] Insecure Deserialization Vulnerability [EPSS 1.6%] [KEV]
CVE-2022-39311 [CRITICAL] Compromised agents may be able to execute remote code on GoCD Server [EPSS 1.6%]