Weaknesses of type CWE-502
2,226 resultsCVE-2023-28667CRITICALThe Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure deserialization issue. The tve_labels paraEPSS 1.1%CVE-2021-33176—VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due toEPSS 1.1%CVE-2021-33175—EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the hanEPSS 1.1%CVE-2023-33008MEDIUMApache Johnzon: Prevent inefficient internal conversion from BigDecimal at large scaleEPSS 1.1%CVE-2025-3439CRITICALEverest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object InjectionEPSS 1.1%CVE-2021-27277HIGHThis vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure MonitoEPSS 1.1%CVE-2024-45733HIGHRemote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on WindowsEPSS 1.1%CVE-2022-46478CRITICALThe RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrEPSS 1.1%CVE-2024-24926HIGHWordPress Brooklyn Theme <= 4.9.7.6 is vulnerable to PHP Object InjectionEPSS 1.1%CVE-2024-10936HIGHString Locator <= 2.6.6 - Unauthenticated PHP Object InjectionEPSS 1.1%CVE-2024-47552CRITICALApache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata ServerEPSS 1.1%CVE-2024-53247HIGHRemote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway appEPSS 1.1%CVE-2022-2903HIGHNinjaForms < 3.6.13 - Admin+ PHP Objection InjectionEPSS 1.1%CVE-2023-33284HIGHMarval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution vulnerability. A remote attacker authenticated as any user is able to EPSS 1.1%CVE-2023-1196HIGHAdvanced Custom Fields - Contributor+ PHP Object InjectionEPSS 1.1%CVE-2026-25873CRITICALOmniGen2-RL Reward Server Unsafe Deserialization RCEEPSS 1.1%CVE-2026-2037HIGHGFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution VulnerabilityEPSS 1.1%CVE-2024-12312HIGHPrint Science Designer <= 1.3.152 - Unauthenticated PHP Object InjectionEPSS 1.1%CVE-2024-8030CRITICALUltimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.0.3 - Unauthenticated PHP Object InjectionEPSS 1.1%CVE-2026-2036HIGHGFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution VulnerabilityEPSS 1.1%