Weaknesses of type CWE-502
2,226 resultsCVE-2023-3259CRITICALThe Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP addEPSS 0.9%CVE-2026-48560MEDIUMMicrosoft SharePoint Server Spoofing VulnerabilityEPSS 0.9%CVE-2024-31879HIGHIBM i denial of serviceEPSS 0.9%CVE-2024-24302CRITICALAn issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attaEPSS 0.9%CVE-2024-25117MEDIUMphp-svg-lib lacks path validation on font through SVG inline styles EPSS 0.9%CVE-2023-28462CRITICALA JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 andEPSS 0.9%CVE-2026-26333CRITICALCalero VeraSMART < 2022 R1 .NET Remoting Arbitrary File Read Leading to ViewState RCEEPSS 0.9%CVE-2024-5671CRITICALInsecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution anEPSS 0.9%CVE-2023-21568HIGHMicrosoft SQL Server Integration Service (VS extension) Remote Code Execution VulnerabilityEPSS 0.9%CVE-2022-41203CRITICALIn some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privilEPSS 0.9%CVE-2026-26215CRITICALmanga-image-translator Shared API Unsafe Deserialization RCEEPSS 0.9%CVE-2026-41104CRITICALMicrosoft Planetary Computer Pro Information Disclosure VulnerabilityEPSS 0.9%CVE-2023-6730CRITICALDeserialization of Untrusted Data in huggingface/transformersEPSS 0.9%CVE-2024-2501HIGHHubbub Lite – Fast, Reliable Social Network Sharing Buttons <= 1.33.1 - PHP Object InjectionEPSS 0.9%CVE-2026-33701CRITICALOpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code ExecutionEPSS 0.9%CVE-2025-62420HIGHDataEase vulnerable to remote code execution via H2 JDBC driver bypassEPSS 0.9%CVE-2024-1896HIGHPhoto Gallery <= 1.4.2 - Authenticated(Contributor+) PHP Object Injection via ShortcodeEPSS 0.9%CVE-2025-22777CRITICALWordPress GiveWP Plugin <= 3.19.3 - PHP Object Injection vulnerabilityEPSS 0.9%CVE-2024-53909CRITICALAn issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrarEPSS 0.9%CVE-2024-53913CRITICALAn issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrarEPSS 0.9%