Falhas do tipo CWE-502

2.284 resultados
CVE-2026-2626HIGHDivi Booster < 5.0.2 - Unauthenticated PHP Object InjectionEPSS 0.2%CVE-2026-24251HIGHNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resourcEPSS 0.2%CVE-2024-10382HIGHArbitrary Code execution in Car App Android Jetpack LibraryEPSS 0.2%CVE-2025-41701HIGHBeckhoff: Deserialization of untrusted data by TwinCAT 3 EngineeringEPSS 0.2%CVE-2026-24250HIGHNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful EPSS 0.2%CVE-2026-3071HIGHDeserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to arbitrary code executiEPSS 0.2%CVE-2026-24244HIGHNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful explEPSS 0.2%CVE-2026-24245HIGHNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful explEPSS 0.2%CVE-2024-54678HIGHA vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All vEPSS 0.2%CVE-2025-46738MEDIUMDeserialization of Untrusted DataEPSS 0.2%CVE-2025-33212HIGHNVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a useEPSS 0.2%CVE-2025-61677LOWDataChain: Deserialization of Untrusted Data from Environment VariablesEPSS 0.1%CVE-2024-0047MEDIUMIn writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This couldEPSS 0.1%CVE-2026-38950HIGHAn issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected componeEPSS 0.1%CVE-2025-55136MEDIUMERC (aka Emotion Recognition in Conversation) through 0.3 has insecure deserialization via a serialized object because jsonpickle is used.EPSS 0.1%CVE-2025-70560HIGHBoltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to EPSS 0.1%CVE-2026-10721HIGHConcrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search componentsEPSS 0.1%CVE-2026-44501MEDIUMDataHub OIDC REDIRECT_URL Cookie Deserialization VulnerabilityEPSS 0.1%CVE-2026-12191HIGHComma AI Openpilot Pickle modeld.py pickle.loads deserializationEPSS 0.1%CVE-2025-48018HIGHDeserialization of Untrusted DataEPSS 0.1%