CWE-502 vulnerabilities

2,226 results
CVE-2023-4402 (HIGH): Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products (EPSS 1.3%)
CVE-2019-17635: Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is re (EPSS 1.3%)
CVE-2022-44371 (CRITICAL): hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE). (EPSS 1.3%)
CVE-2024-42362 (HIGH): GHSL-2023-255: HertzBeat Authenticated (user role) RCE via unsafe deserialization in /api/monitors/import (EPSS 1.3%)
CVE-2022-2442 (HIGH): Migration, Backup, Staging – WPvivid <= 0.9.74 - Authenticated (Admin+) PHAR Deserialization (EPSS 1.3%)
CVE-2022-2436 (HIGH): Download Manager <= 3.2.49 - Authenticated (Contributor+) PHAR Deserialization (EPSS 1.3%)
CVE-2024-8862 (MEDIUM): h2oai h2o-3 JDBC Connection 1 getConnectionSafe deserialization (EPSS 1.3%)
CVE-2023-34434 (HIGH): Apache InLong: JDBC URL bypassing by allowLoadLocalInfileInPath param (EPSS 1.3%)
CVE-2017-20189 (CRITICAL): In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is rel (EPSS 1.3%)
CVE-2021-28254 (CRITICAL): A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands. (EPSS 1.3%)
CVE-2022-2438 (HIGH): Broken Link Checker <= 1.11.16 - Authenticated (Admin+) PHAR Deserialization (EPSS 1.3%)
CVE-2022-41237 (CRITICAL): Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a (EPSS 1.3%)
CVE-2025-58046 (HIGH): Dataease has a JDBC attack vulnerability in the Impala datasource (EPSS 1.3%)
CVE-2021-21865 (HIGH): An unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS (EPSS 1.3%)
CVE-2021-3035 (MEDIUM): Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution (EPSS 1.3%)
CVE-2021-3040 (MEDIUM): Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution (EPSS 1.3%)
CVE-2023-51389 (CRITICAL): HertzBeat SnakeYAML Deser RCE (EPSS 1.3%)
CVE-2023-38155 (HIGH): Azure DevOps Server Remote Code Execution Vulnerability (EPSS 1.3%)
CVE-2024-49147 (CRITICAL): Microsoft Update Catalog Elevation of Privilege Vulnerability (EPSS 1.3%)
CVE-2022-37023: Apache Geode deserialization of untrusted data flaw when using REST API on Java 8 or Java 11 (EPSS 1.3%)