CWE-502 vulnerabilities

2250 results
CVE-2025-1971 | HIGH | Export and Import Users and Customers <= 2.6.2 - Authenticated (Admin+) PHP Object Injection via form_data Parameter | EPSS 0.7%
CVE-2025-34060 | CRITICAL | Monero Forum Remote Code Execution via Arbitrary File Read and Cookie Forgery | EPSS 0.7%
CVE-2023-34382 | MEDIUM | WordPress Dokan Plugin <= 3.7.19 is vulnerable to PHP Object Injection | EPSS 0.7%
CVE-2026-31234 | CRITICAL | Horovod thru 0.28.1 contains an insecure deserialization vulnerability (CWE-502) in its KVStore HTTP server component. The KVStore server, u | EPSS 0.7%
CVE-2026-53805 | CRITICAL | NVIDIA SIL GEN3C Unauthenticated RCE via Pickle Deserialization in Inference API | EPSS 0.7%
CVE-2023-44392 | HIGH | Arbitrary code execution vulnerability when using shared Kubernetes cluster | EPSS 0.7%
CVE-2025-58756 | HIGH | MONAI's unsafe torch usage may lead to arbitrary code execution | EPSS 0.7%
CVE-2024-1748 | MEDIUM | van_der_Schaar LAB AutoPrognosis Release Note load_model_from_file deserialization | EPSS 0.7%
CVE-2024-30225 | CRITICAL | WordPress WP Migrate plugin <= 2.6.10 - Unauthenticated PHP Object Injection vulnerability | EPSS 0.7%
CVE-2024-6960 | HIGH | H2O deserializes ML models without filtering, potentially allowing execution of malicious code | EPSS 0.7%
CVE-2024-54367 | CRITICAL | WordPress ForumWP plugin <= 2.1.0 - PHP Object Injection vulnerability | EPSS 0.7%
CVE-2025-43960 | HIGH | Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using | EPSS 0.7%
CVE-2024-45852 | HIGH | Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to | EPSS 0.7%
CVE-2024-0937 | MEDIUM | van_der_Schaar LAB synthcity PKL File load_from_file deserialization | EPSS 0.7%
CVE-2024-12721 | HIGH | Custom Product Tabs For WooCommerce <= 1.2.4 - Authenticated (Shop Manager+) PHP Object Injection | EPSS 0.7%
CVE-2025-58384 | CRITICAL | In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Data can lead to remote code execution through the .NET Remoting library | EPSS 0.7%
CVE-2024-4371 | CRITICAL | CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Unauthenticated PHP Object Injection | EPSS 0.7%
CVE-2025-34414 | CRITICAL | Entrust Instant Financial Issuance (IFI) Legacy Remoting Service .NET Remoting RCE | EPSS 0.7%
CVE-2024-54273 | CRITICAL | WordPress Mail Picker plugin <= 1.0.14 - PHP Object Injection vulnerability | EPSS 0.7%
CVE-2025-11938 | MEDIUM | ChurchCRM setup.php deserialization | EPSS 0.7%