Fallos del tipo CWE-502
2255 resultadosCVE-2023-49886CRITICALIBM Transformation Extender Advanced code executionEPSS 0.6%CVE-2025-26967HIGHWordPress Events Calendar for GeoDirectory plugin <= 2.3.14 - PHP Object Injection vulnerabilityEPSS 0.6%CVE-2024-51363CRITICALInsecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code.EPSS 0.6%CVE-2024-37057HIGHDeserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uplEPSS 0.6%CVE-2024-37056HIGHDeserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaEPSS 0.6%CVE-2024-37055HIGHDeserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaEPSS 0.6%CVE-2024-37053HIGHDeserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploadEPSS 0.6%CVE-2023-52202CRITICALWordPress HTML5 MP3 Player with Folder Feedburner Plugin <= 2.8.0 is vulnerable to PHP Object InjectionEPSS 0.6%CVE-2024-37052HIGHDeserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploadEPSS 0.6%CVE-2024-37058HIGHDeserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploadEPSS 0.6%CVE-2024-37059HIGHDeserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploadEPSS 0.6%CVE-2025-54923HIGHCWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity whEPSS 0.6%CVE-2024-56515MEDIUMUntrusted file formats can be thumbnailed, invoking potentially further untrusted decoders in Matrix Media RepoEPSS 0.6%CVE-2021-4451MEDIUMNinjaFirewall <= 4.3.3 - Authenticated PHAR DeserializationEPSS 0.6%CVE-2023-52205CRITICALWordPress HTML5 SoundCloud Player Plugin <= 2.8.0 is vulnerable to PHP Object InjectionEPSS 0.6%CVE-2026-54512HIGHjackson-databind: PolymorphicTypeValidator bypass via generic type parameters allows arbitrary class instantiationEPSS 0.6%CVE-2023-37227CRITICALLoftware Spectrum before 4.6 HF13 Deserializes Untrusted Data.EPSS 0.6%CVE-2023-52207CRITICALWordPress HTML5 MP3 Player with Playlist Free Plugin <= 3.0.0 is vulnerable to PHP Object InjectionEPSS 0.6%CVE-2023-28782HIGHWordPress Gravity Forms Plugin <= 2.7.3 is vulnerable to PHP Object InjectionEPSS 0.6%CVE-2025-31087CRITICALWordPress Multiple Shipping And Billing Address For Woocommerce plugin <= 1.5 - PHP Object Injection VulnerabilityEPSS 0.6%