Falhas do tipo CWE-502

2.284 resultados
CVE-2026-24141HIGHNVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONNX quantization feature, where a user could cause unsafe deseEPSS 0.2%CVE-2026-31249HIGHCosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in EPSS 0.2%CVE-2026-24151HIGHNVIDIA Megatron-LM contains a vulnerability in inferencing where an Attacker may cause an RCE by convincing a user to load a maliciously craEPSS 0.2%CVE-2026-24152HIGHNVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciouEPSS 0.2%CVE-2025-33248HIGHNVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script where an Attacker may cause an RCE by convincing a user to load EPSS 0.2%CVE-2026-24150HIGHNVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciouEPSS 0.2%CVE-2025-31175HIGHDeserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integEPSS 0.2%CVE-2026-39577HIGHWordPress Playroom theme <= 1.4.1 - PHP Object Injection vulnerabilityEPSS 0.2%CVE-2026-4416HIGHGIGABYTE|Performance Library - Insecure DeserializationEPSS 0.2%CVE-2025-53415HIGHFile Parsing Deserialization of Untrusted Data in DTM SoftEPSS 0.2%CVE-2026-45134HIGHLangSmith Client SDK: Public prompt pull deserializes untrusted manifests without trust boundary warningEPSS 0.2%CVE-2026-40993HIGHUnfiltered Java Native Deserialization of SAML 2.0 Asserting Party Credentials BLOB Database EntryEPSS 0.2%CVE-2025-33252HIGHNVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerabiliEPSS 0.2%CVE-2025-7976HIGHAnritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution VulnerabilityEPSS 0.2%CVE-2025-54886HIGHskops: Card.get_model does not block arbitrary code executionEPSS 0.2%CVE-2026-53914MEDIUMIn JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadataEPSS 0.2%CVE-2024-0140MEDIUMNVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user could cause a deserialization of untrusted data issue. A successful exEPSS 0.2%CVE-2026-1542MEDIUMSuper Stage WP <= 1.0.1 - Unauthenticated PHP Object InjectionEPSS 0.2%CVE-2025-3165MEDIUMthu-pacman chitu backend.py torch.load deserializationEPSS 0.2%CVE-2026-46590HIGHApache Camel: Camel-PQC: The HashiCorp Vault and AWS Secrets Manager key-lifecycle managers deserialize persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter (incomplete remediation of CVE-2026-40048)EPSS 0.2%