Fallos del tipo CWE-502

2237 resultados
CVE-2024-2008HIGHModal Popup Box – Popup Builder, Show Offers And News in Popup <= 1.5.2 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcodeEPSS 0.9%CVE-2023-23930MEDIUMvantage6's Pickle serialization is insecureEPSS 0.9%CVE-2023-5016MEDIUMspider-flow API DataSourceController.java DriverManager.getConnection deserializationEPSS 0.9%CVE-2025-2251MEDIUMOrg.jboss.eap:wildfly-ejb3: improper deserialization in jboss marshalling allows remote code executionEPSS 0.9%CVE-2023-2500HIGHGo Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Authenticated (Subscriber+) PHP Object InjectionEPSS 0.9%CVE-2025-56422CRITICALA deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server.EPSS 0.9%CVE-2026-40860CRITICALApache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqpEPSS 0.9%CVE-2025-27818HIGHApache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configurationEPSS 0.9%CVE-2026-3296CRITICALEverest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry MetadataEPSS 0.9%CVE-2026-23524CRITICALLaravel Redis Horizontal Scaling Insecure DeserializationEPSS 0.9%CVE-2025-10492HIGHJaspersoft Library Deserialisation VulnerabilityEPSS 0.9%CVE-2024-12562CRITICALs2Member Pro <= 241216 - Unauthenticated PHP Object InjectionEPSS 0.9%CVE-2022-36038HIGHCircuitVerse potential RCE vulnerability via Oj.loadEPSS 0.9%CVE-2024-13742CRITICALiControlWP – Multiple WordPress Site Manager <= 4.4.5 - Unauthenticated PHP Object InjectionEPSS 0.9%CVE-2024-1225HIGHQiboSoft QiboCMS X1 Pay.php rmb_pay deserializationEPSS 0.9%CVE-2025-27819HIGHApache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configurationEPSS 0.9%CVE-2025-55010CRITICALKanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of EventsEPSS 0.9%CVE-2023-7064HIGHShortcodes and extra features for Phlox theme <= 2.17.5 - Authenticated (Subscriber+) PHP Object Injection via auxin_template_control_importerEPSS 0.9%CVE-2024-1897HIGHGrid Gallery – Photo Image Grid Gallery <= 1.4.3 - Authenticated (Contributor+) PHP Object Injection via shortcodeEPSS 0.9%CVE-2024-30226CRITICALWordPress BetterDocs plugin <= 3.3.3 - Unauthenticated PHP Object Injection vulnerabilityEPSS 0.9%