Weaknesses of type CWE-502

2,215 results
- CVE-2016-15044 (CRITICAL, EPSS 1.4%): Kaltura < 11.1.0-2 PHP Object Injection RCE
- CVE-2023-24997 (CRITICAL, EPSS 1.4%): Apache InLong: Jdbc Connection Security Bypass
- CVE-2024-10828 (HIGH, EPSS 1.4%): Advanced Order Export For WooCommerce <= 3.5.5 - Unauthenticated PHP Object Injection via Order Details
- CVE-2025-62368 (CRITICAL, EPSS 1.4%): Taiga Authenticated Remote Code Execution
- CVE-2022-21624 (LOW, EPSS 1.4%): Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that
- CVE-2023-32336 (HIGH, EPSS 1.4%): IBM InfoSphere Information Server code execution
- CVE-2023-28500 (CRITICAL, EPSS 1.4%): A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gai
- CVE-2024-9634 (CRITICAL, EPSS 1.4%): GiveWP – Donation Plugin and Fundraising Platform <= 3.16.3 - Unauthenticated PHP Object Injection to Remote Code Execution
- CVE-2023-1714 (HIGH, EPSS 1.4%): Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction
- CVE-2023-45672 (HIGH, EPSS 1.4%): Frigate unsafe deserialization in `load_config_with_no_duplicates` of `frigate/util/builtin.py`
- CVE-2026-24009 (HIGH, EPSS 1.4%): Docling Core vulnerable to Remote Code Execution via unsafe PyYAML usage
- CVE-2020-7532 (EPSS 1.4%): A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator (V1.2.0 and prior) which could allo
- CVE-2023-48886 (CRITICAL, EPSS 1.4%): A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request.
- CVE-2020-7528 (EPSS 1.4%): A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arb
- CVE-2025-0912 (CRITICAL, EPSS 1.3%): GiveWP – Donation Plugin and Fundraising Platform <= 3.19.4 - Unauthenticated PHP Object Injection
- CVE-2024-39705 (CRITICAL, EPSS 1.3%): NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download fun
- CVE-2022-24282 (HIGH, EPSS 1.3%): A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All
- CVE-2023-33963 (CRITICAL, EPSS 1.3%): DataEase data source has deserialization vulnerability
- CVE-2022-2437 (CRITICAL, EPSS 1.3%): Feed Them Social – for Twitter feed, Youtube and more <= 2.9.8.5 - Unauthenticated PHAR Deserialization
- CVE-2020-12525 (HIGH, EPSS 1.3%): WAGO/M&M Software Deserialization of untrusted data in fdtCONTAINER component