Fallos del tipo CWE-502

2283 resultados
CVE-2025-8871MEDIUMEverest Forms (Pro) <= 1.9.7 - Unauthenticated PHP Object Injection via PHAR Deserialization in Form SignatureEPSS 0.3%CVE-2026-11857HIGHInsecure .NET Remoting deserialization in Quanos SCHEMA ST4 Client Update Service allows local privilege escalationEPSS 0.3%CVE-2025-15610CRITICALThe .NET Remoting framework used by OpenText Fax (RightFax) includes known security vulnerabilities that could be exploited if the service iEPSS 0.3%CVE-2026-13371MEDIUMWatchGuard Firebox Management Web UI Denial of Service via Unsafe DeserializationEPSS 0.3%CVE-2024-0654MEDIUMDeepFaceLab Util.py deserializationEPSS 0.3%CVE-2026-46386CRITICALOpenProject: Pre-authentication RCE in openproject/openproject Docker image via default `SECRET_KEY_BASE=OVERWRITE_ME` and `cookies_serializer = :marshal`EPSS 0.3%CVE-2025-66214HIGHLadybug has an XMLDecoder Deserialization Vulnerability (Java RCE)EPSS 0.3%CVE-2025-15117LOWDromara Sa-Token SaJdkSerializer.java ObjectInputStream.readObject deserializationEPSS 0.3%CVE-2026-39324CRITICALRack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserializationEPSS 0.3%CVE-2023-52200CRITICALWordPress ARMember Plugin <= 4.0.22 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object InjectionEPSS 0.3%CVE-2023-51545CRITICALWordPress Job Manager & Career Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object InjectionEPSS 0.3%CVE-2026-48919MEDIUMJenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation.EPSS 0.3%CVE-2026-48917MEDIUMJenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.EPSS 0.3%CVE-2026-39578HIGHWordPress Valiance theme <= 1.2 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2025-34489HIGHGFI MailEssentials < 21.8 Local Privilege EscalationEPSS 0.3%CVE-2026-1235MEDIUMWP eCommerce <= 3.15.1 - Unauthenticated PHP Object InjectionEPSS 0.3%CVE-2026-41855HIGHSpring Framework Unsafe Deserialization via Jackson JMS ConvertersEPSS 0.3%CVE-2023-28072HIGH Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. A local malicious useEPSS 0.3%CVE-2025-5174MEDIUMerdogant pypickle pypickle.py load deserializationEPSS 0.3%CVE-2026-5659MEDIUMpytries datrie trie File datrie.pyx Trie.__setstate__ deserializationEPSS 0.3%