Weaknesses of type CWE-502

2,226 results
CVE-2025-7696 | CRITICAL | Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.2.3 - Unauthenticated PHP Object Injection via verify_field_val Function | EPSS 1.0%
CVE-2025-53002 | HIGH | LLaMA-Factory Remote Code Execution (RCE) Vulnerability | EPSS 1.0%
CVE-2021-38241 | CRITICAL | Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework. | EPSS 1.0%
CVE-2024-20926 | MEDIUM | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripti | EPSS 1.0%
CVE-2024-28212 | CRITICAL | nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization. | EPSS 1.0%
CVE-2026-34838 | CRITICAL | Group-Office: Authenticated Remote Code Execution via PHP Insecure Deserialization in `AbstractSettingsCollection` | EPSS 1.0%
CVE-2024-1951 | HIGH | Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid <= 1.3.8 - Authenticated(Contributor+) PHP Object Injection | EPSS 1.0%
CVE-2024-10190 | CRITICAL | Unauthenticated Remote Code Execution in ElasticRendezvousHandler in horovod/horovod | EPSS 1.0%
CVE-2021-22095 | In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new Strin | EPSS 1.0%
CVE-2023-5583 | HIGH | WP Simple Galleries <= 1.34 - Authenticated (Contributor+) PHP Object Injection | EPSS 1.0%
CVE-2025-2244 | CRITICAL | Insecure PHP deserialization issue in GravityZone Console (VA-12634) | EPSS 1.0%
CVE-2024-50507 | CRITICAL | WordPress DS.DownloadList plugin <= 1.3 - PHP Object Injection vulnerability | EPSS 1.0%
CVE-2024-37288 | CRITICAL | A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted pa | EPSS 1.0%
CVE-2023-31890 | CRITICAL | An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() p | EPSS 1.0%
CVE-2023-51785 | HIGH | Apache InLong: Arbitrary File Read Vulnerability in Apache InLong Manager | EPSS 1.0%
CVE-2026-35337 | HIGH | Apache Storm Client: RCE through Unsafe Deserialization via Kerberos TGT Credential Handling | EPSS 1.0%
CVE-2024-4019 | MEDIUM | Byzoro Smart S80 Management Platform importhtml.php deserialization | EPSS 1.0%
CVE-2026-5426 | CRITICAL | KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value | EPSS 1.0%
CVE-2023-20102 | HIGH | Cisco Secure Network Analytics Remote Code Execution Vulnerability | EPSS 1.0%
CVE-2024-44102 | CRITICAL | A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redu | EPSS 1.0%