Falhas do tipo CWE-502
2.250 resultadosCVE-2023-32242CRITICALWordPress Woodmart Core Plugin <= 1.0.36 is vulnerable to PHP Object InjectionEPSS 0.8%CVE-2024-28211CRITICALnGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMIEPSS 0.8%CVE-2026-48909CRITICALJoomla Extension - joomshaper.com - PHP Object injection in SP LMS extension for Joomla < 4.1.4EPSS 0.8%CVE-2023-47204CRITICALUnsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code.EPSS 0.8%CVE-2024-54282HIGHWordPress WP Mega Menu plugin <= 1.4.2 - PHP Object Injection vulnerabilityEPSS 0.8%CVE-2025-26866HIGHApache HugeGraph-Server: RAFT and deserialization vulnerabilityEPSS 0.8%CVE-2025-25691MEDIUMA PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a cEPSS 0.8%CVE-2022-4890MEDIUMabhilash1985 PredictApp Cookie new_framework_defaults_7_0.rb deserializationEPSS 0.8%CVE-2025-1077CRITICALRemote Code Execution vulnerability in IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather)EPSS 0.8%CVE-2024-10932HIGHBackup Migration <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace'EPSS 0.8%CVE-2022-37936CRITICALUnauthenticated Java deserialization vulnerability in Serviceguard Manager
EPSS 0.8%CVE-2025-48389HIGHFreeScout Vulnerable to Deserialization of Untrusted DataEPSS 0.8%CVE-2023-1399HIGH
N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate prEPSS 0.8%CVE-2026-50633HIGHApache CXF: JNDI Injection vulnerability in DispatchMDBMessageListenerImplEPSS 0.8%CVE-2024-8922HIGHProduct Enquiry for WooCommerce <= 2.2.33.33 - Authenticated (Author+) PHP Object Injection in enquiry_detail.phpEPSS 0.8%CVE-2024-1750MEDIUMTemmokuMVC Image Download images_get_down.php img_replace deserializationEPSS 0.8%CVE-2024-5085HIGHHash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated PHP Object InjectionEPSS 0.8%CVE-2024-31317HIGHIn multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to uEPSS 0.8%CVE-2024-10079HIGHWP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) PHP Object InjectionEPSS 0.8%CVE-2024-12313HIGHCompare Products for WooCommerce <= 3.2.1 - Unauthenticated PHP Object InjectionEPSS 0.8%