Falhas do tipo CWE-502
2.257 resultadosCVE-2024-7432HIGHUnseen Blog <= 1.0.0 - Authenticated (Contributor+) PHP Object InjectionEPSS 0.6%CVE-2024-10587HIGHFunnelforms Free <= 3.7.5.1 - Authenticated (Contributor+) PHP Object InjectionEPSS 0.6%CVE-2026-3452HIGHConcrete CMS below 9.4.8 is vulnerable to stored deserialization leading to RCE in the Express Entry List block.EPSS 0.6%CVE-2025-26763CRITICALWordPress Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider Plugin <= 3.94.0 - PHP Object Injection vulnerabilityEPSS 0.6%CVE-2022-42919HIGHPython 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python muEPSS 0.6%CVE-2025-24661HIGHWordPress Taxi Booking Manager for WooCommerce plugin <= 1.1.8 - PHP Object Injection vulnerabilityEPSS 0.6%CVE-2025-58757HIGHMONAI's unsafe use of Pickle deserialization may lead to RCEEPSS 0.6%CVE-2026-31237CRITICALThe Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its predict() method. When a user provides a daEPSS 0.6%CVE-2026-31229CRITICALThe Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component'EPSS 0.6%CVE-2024-4471HIGH140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3.1 - Authenticated (Contributor+) PHP Object InjectionEPSS 0.6%CVE-2025-2690MEDIUMyiisoft Yii2 MockClass.php generate deserializationEPSS 0.6%CVE-2025-48200CRITICALThe sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution.EPSS 0.6%CVE-2024-30227CRITICALWordPress Geo Controller plugin <= 8.6.4 - PHP Object Injection vulnerabilityEPSS 0.6%CVE-2023-25770CRITICALController stack overflow on decoding messages from the serverEPSS 0.6%CVE-2024-4838HIGHConvertPlus <= 3.5.26 - Authenticated (Contributor+) PHP Object InjectionEPSS 0.6%CVE-2026-24163HIGHNVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successEPSS 0.6%CVE-2025-34394CRITICALBarracuda RMM < 2025.1.1 Service Center .NET Remoting Deserialization RCEEPSS 0.6%CVE-2025-53465HIGHWordPress GSheets Connector Plugin <= 1.1.1 - PHP Object Injection VulnerabilityEPSS 0.6%CVE-2026-33858HIGHApache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom APIEPSS 0.6%CVE-2024-13777HIGHZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated PHP Object InjectionEPSS 0.6%