Weaknesses of type CWE-502
2,226 results

CVE-2026-43633 | CRITICAL | HestiaCP 1.9.0-1.9.4 Deserialization RCE via Web Terminal | EPSS 1.1%
CVE-2024-11409 | HIGH | Grid View Gallery <= 1.0 - Authenticated (Editor+) PHP Object Injection | EPSS 1.1%
CVE-2025-7697 | CRITICAL | Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 - Unauthenticated PHP Object Injection via verify_field_val Function | EPSS 1.1%
CVE-2022-41779 | HIGH | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification. If the dev | EPSS 1.1%
CVE-2024-52430 | CRITICAL | WordPress Lis Video Gallery plugin <= 0.2.1 - PHP Object Injection vulnerability | EPSS 1.1%
CVE-2022-48282 | MEDIUM | Deserializing compromised object with MongoDB .NET/C# Driver may cause remote code execution | EPSS 1.0%
CVE-2023-45146 | CRITICAL | Remote code execution in XXL-RPC | EPSS 1.0%
CVE-2026-49121 | CRITICAL | AI Tensor Engine for ROCm (AITER) 0.1.14 Unauthenticated RCE via MessageQueue.recv() Pickle Deserialization | EPSS 1.0%
CVE-2023-2141 | HIGH | Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022 | EPSS 1.0%
CVE-2022-1415 | HIGH | Drools: unsafe data deserialization in streamutils | EPSS 1.0%
CVE-2023-33496 | CRITICAL | xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.Ne | EPSS 1.0%
CVE-2023-51570 | CRITICAL | Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote Code Execution Vulnerability | EPSS 1.0%
CVE-2024-27604 | CRITICAL | Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be deserialized. | EPSS 1.0%
CVE-2021-22097 | — | In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body | EPSS 1.0%
CVE-2023-42809 | CRITICAL | Redisson unsafe deserialization vulnerability | EPSS 1.0%
CVE-2022-41778 | CRITICAL | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataColl | EPSS 1.0%
CVE-2024-9701 | CRITICAL | Remote Code Execution in kedro-org/kedro | EPSS 1.0%
CVE-2023-51656 | — | Apache IoTDB: Unsafe deserialize map in Sync Tool | EPSS 1.0%
CVE-2023-25558 | HIGH | Deserialization of untrusted data in DataHub | EPSS 1.0%
CVE-2023-26512 | CRITICAL | Apache EventMesh RabbitMQ-Connector plugin allows RCE through deserialization of untrusted data | EPSS 1.0%