Falhas do tipo CWE-502
2.283 resultadosCVE-2026-25360HIGHWordPress Vex theme < 1.2.9 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2026-25359HIGHWordPress Pendulum theme < 3.1.5 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2026-24976HIGHWordPress Organici Library plugin <= 2.1.2 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2025-52826HIGHWordPress Sala theme <= 1.1.3 - PHP Object Injection VulnerabilityEPSS 0.3%CVE-2026-24765HIGHPHPUnit Vulnerable to Unsafe Deserialization in PHPT Code Coverage HandlingEPSS 0.3%CVE-2026-40048HIGHApache Camel PQC: Unsafe Deserialization from FileBasedKeyLifecycleManagerEPSS 0.3%CVE-2026-58025MEDIUMRemote Code Execution via Unsafe Deserialization in LogItem ImportEPSS 0.3%CVE-2024-11839HIGHInsecure Deserialization via Runbooks ImportsEPSS 0.3%CVE-2025-54719HIGHWordPress Yogi - Health Beauty & Yoga Theme <= 2.9.2 - Deserialization of untrusted data VulnerabilityEPSS 0.3%CVE-2026-10532LOWLogback deserialization whitelist bypass for Proxy objectsEPSS 0.3%CVE-2026-12240HIGHExport User Data <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion via display_name FieldEPSS 0.3%CVE-2025-54742HIGHWordPress WpEvently Plugin <= 4.4.8 - PHP Object Injection VulnerabilityEPSS 0.3%CVE-2026-9497MEDIUMchangmingxie tcc-transaction Fastjson AutoType REST API Fastjson.parseObject deserializationEPSS 0.3%CVE-2025-71378HIGHpicklescan - Remote Code Execution via Undetected cProfile.runctx in Pickle FilesEPSS 0.3%CVE-2026-57621CRITICALWordPress Booktics plugin <= 1.0.21 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2025-60834MEDIUMA fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input.EPSS 0.3%CVE-2026-57677CRITICALWordPress Novalnet Payment Gateway for WooCommerce plugin <= 12.10.3 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2025-11345MEDIUMILIAS Test Import unserialize deserializationEPSS 0.3%CVE-2025-54053MEDIUMWordPress Groundhogg plugin <= 4.2.2 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2022-27580—A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including EPSS 0.3%