Falhas do tipo CWE-502

2.276 resultados
CVE-2023-7032HIGH A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain EPSS 0.4%CVE-2025-52737HIGHWordPress WP Store Locator plugin <= 2.2.260 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2025-53586HIGHWordPress WeMusic Theme <= 1.9.1 - PHP Object Injection VulnerabilityEPSS 0.4%CVE-2021-27240HIGHThis vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attackerEPSS 0.4%CVE-2025-0974LOWMaxD Lightning Module deserializationEPSS 0.4%CVE-2025-3250MEDIUMelunez eladmin Maintenance Management Module testConnect deserializationEPSS 0.4%CVE-2025-32145HIGHWordPress WpEvently plugin <= 4.3.6 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2025-30889HIGHWordPress Testimonial Slider plugin <= 2.0.13 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2026-2020HIGHJS Archive List <= 6.1.7 - Authenticated (Contributor+) PHP Object Injection via 'included' Shortcode AttributeEPSS 0.4%CVE-2024-3468HIGHDeserialization of Untrusted Data in AVEVA PI Web APIEPSS 0.4%CVE-2025-13713HIGHTencent Hunyuan3D-1 load_pretrained Deserialization of Untrusted Data Remote Code Execution VulnerabilityEPSS 0.4%CVE-2025-5498MEDIUMslackero phpwcms Custom Source Tab cnt21.readform.inc.php is_file deserializationEPSS 0.4%CVE-2026-42211HIGHReact Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCEEPSS 0.4%CVE-2026-24162HIGHNVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A succeEPSS 0.4%CVE-2025-63721CRITICALHummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API anEPSS 0.4%CVE-2026-32590HIGHMirror-registry: remote code execution using pickle deserializationEPSS 0.4%CVE-2025-5326MEDIUMzhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 verifyToken deserializationEPSS 0.4%CVE-2025-13716HIGHTencent MimicMotion create_pipeline Deserialization of Untrusted Data Remote Code Execution VulnerabilityEPSS 0.4%CVE-2025-13706HIGHTencent PatrickStar merge_checkpoint Deserialization of Untrusted Data Remote Code Execution VulnerabilityEPSS 0.4%CVE-2025-13714HIGHTencent MedicalNet generate_model Deserialization of Untrusted Data Remote Code Execution VulnerabilityEPSS 0.4%