Weaknesses of type CWE-502
2,226 resultsCVE-2024-8514CRITICALPrisna GWT - Google Website Translator <= 1.4.11 - Authenticated (Admin+) PHP Object InjectionEPSS 1.0%CVE-2024-31903HIGHIBM Sterling B2B Integrator Standard Edition code executionEPSS 1.0%CVE-2024-1773HIGHPDF Invoices and Packing Slips For WooCommerce <= 1.3.7 - Authenticated (Subscriber+) PHP Object InjectionEPSS 1.0%CVE-2022-40889CRITICALPhpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.EPSS 1.0%CVE-2025-47277CRITICALvLLM Allows Remote Code Execution via PyNcclPipe Communication ServiceEPSS 1.0%CVE-2023-48952HIGHAn issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS)EPSS 1.0%CVE-2024-11465HIGHCustom Product Tabs for WooCommerce <= 1.8.5 - Authenticated (Shop Manager+) PHP Object InjectionEPSS 1.0%CVE-2018-18446CRITICALdotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).EPSS 1.0%CVE-2018-18447CRITICALdotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).EPSS 1.0%CVE-2024-41151HIGHApache HertzBeat: RCE by notice template injection vulnerabilityEPSS 1.0%CVE-2023-36825CRITICALOrchid Deserialization of Untrusted Data vulnerability leads to Remote Code ExecutionEPSS 1.0%CVE-2026-5127HIGHUser Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.1 - Authenticated (Subscriber+) PHP Object InjectionEPSS 1.0%CVE-2023-3343HIGHUser Registration <= 3.0.1 - Authenticated (Subscriber+) PHP Object InjectionEPSS 0.9%CVE-2019-6834HIGHA CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted syEPSS 0.9%CVE-2026-23869HIGHA denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-serverEPSS 0.9%CVE-2021-22777—A CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause code execution by opening a malicious project file.EPSS 0.9%CVE-2024-2290HIGHAdvanced Ads – Ad Manager & AdSense <= 1.52.1 - Authenticated (Admin+) PHP Object InjectionEPSS 0.9%CVE-2022-39298HIGHDeserialization of untrusted data in MelisFrontEPSS 0.9%CVE-2022-39297HIGHDeserialization of untrusted data in MelisCmsEPSS 0.9%CVE-2024-0302MEDIUMfhs-opensource iparking vueLogin deserializationEPSS 0.9%