Fallos del tipo CWE-502

2237 resultados
CVE-2024-53909CRITICALAn issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrarEPSS 0.9%CVE-2024-53911CRITICALAn issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It allows remote attackers to execute arbitrarEPSS 0.9%CVE-2024-53913CRITICALAn issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrarEPSS 0.9%CVE-2024-53915CRITICALAn issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrarEPSS 0.9%CVE-2024-53910CRITICALAn issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It allows remote attackers to execute arbitrarEPSS 0.9%CVE-2024-53914CRITICALAn issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrarEPSS 0.9%CVE-2024-53912CRITICALAn issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It allows remote attackers to execute arbitrarEPSS 0.9%CVE-2019-2391MEDIUMJS-bson may incorrectly serialise some requestsEPSS 0.9%CVE-2024-47886HIGHChamilo: Post-Auth Remote Code ExecutionEPSS 0.9%CVE-2026-25747HIGHApache Camel LevelDB: Deserialization of Untrusted Data in Camel LevelDBEPSS 0.9%CVE-2026-42779CRITICALApache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE (take 2)EPSS 0.9%CVE-2025-59245CRITICALMicrosoft SharePoint Online Elevation of Privilege VulnerabilityEPSS 0.9%CVE-2024-1872HIGHButton <= 1.1.27 - Authenticated (Contributor+) PHP Object Injection in button_shortcodeEPSS 0.9%CVE-2024-45758CRITICALH2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command exEPSS 0.9%CVE-2026-0772HIGHLangflow Disk Cache Deserialization of Untrusted Data Remote Code Execution VulnerabilityEPSS 0.9%CVE-2026-26978HIGHFree PBX backup: Deserialization of Untrusted Data in admin/modules/backup/Models/BackupSplFileInfo.phpEPSS 0.9%CVE-2025-27778HIGHApplio allows unsafe deserialization in infer.pyEPSS 0.9%CVE-2024-49375CRITICALRemote Code Execution via Remote Model Loading in RasaEPSS 0.9%CVE-2022-44351CRITICALSkycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php.EPSS 0.9%CVE-2024-0825HIGHVimeography: Vimeo Video Gallery WordPress Plugin <= 2.3.2 - Authenticated (Contributor+) PHP Object InjectionEPSS 0.9%