CWE-502: Deserialization of Untrusted Data

This critical vulnerability in Cisco Secure Firewall Management Center allows unauthenticated remote attackers to execute arbitrary Java code with roo...

CVE-2026-25632 is a critical remote code execution vulnerability in EPyT-Flow's REST API. Attackers can send malicious JSON payloads that trigger dyna...

A critical pre-authentication remote code execution vulnerability exists in React Server Components where unsafe deserialization of HTTP payloads allo...

This vulnerability allows remote attackers to execute arbitrary code on DOXENSE WATCHDOC systems by exploiting insecure deserialization in the .NET Re...

This CVE describes a critical deserialization vulnerability in SAP NetWeaver's RMI-P4 module that allows unauthenticated attackers to execute arbitrar...

This critical vulnerability in the sr_feuser_register TYPO3 extension allows unauthenticated attackers to execute arbitrary code on affected systems. ...

This vulnerability allows unauthenticated attackers to execute arbitrary operating system commands as SAP Administrator on SAP SRM systems using the d...

This vulnerability allows remote code execution on vLLM instances using mooncake integration via insecure pickle deserialization over ZeroMQ sockets. ...

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with SYSTEM privileges on Siemens TeleControl Server Basic system...

This vulnerability allows unauthenticated attackers to perform PHP object injection in the GiveWP WordPress plugin, leading to arbitrary file deletion...

The GiveWP WordPress plugin is vulnerable to PHP object injection via the 'give_title' parameter, allowing unauthenticated attackers to execute arbitr...

CVE-2024-37099 is an unauthenticated PHP object injection vulnerability in the GiveWP WordPress plugin. Attackers can exploit deserialization of untru...

CVE-2024-30225 is an unauthenticated PHP object injection vulnerability in the WP Migrate WordPress plugin. It allows remote attackers to execute arbi...

This vulnerability allows unauthenticated attackers to inject malicious PHP objects via deserialization in the WP Swings Coupon Referral Program WordP...

This CVE describes an unauthenticated PHP object injection vulnerability in the WordPress Sayfa Sayac plugin. Attackers can exploit deserialization of...

This vulnerability allows unauthenticated attackers to execute arbitrary PHP code through deserialization of untrusted data in the Genesis Simple Love...

CVE-2023-46604 is a critical remote code execution vulnerability in Apache ActiveMQ's Java OpenWire protocol marshaller. It allows remote attackers wi...

CVE-2021-27460 is a critical deserialization vulnerability in Rockwell Automation FactoryTalk AssetCentre that allows remote unauthenticated attackers...

CVE-2019-19810 is a critical Java deserialization vulnerability in Zoom Call Recording 6.3.1 from Eleveo that allows remote unauthenticated attackers ...

This vulnerability allows unauthenticated attackers to execute arbitrary code on affected systems by exploiting insecure deserialization in Siemens Ce...

CVE-2025-49113 is a critical remote code execution vulnerability in Roundcube Webmail affecting authenticated users. It allows attackers to execute ar...

This vulnerability allows remote attackers to execute arbitrary code on Hitachi Vantara Pentaho Business Analytics Server by sending specially crafted...

This vulnerability allows authenticated attackers with read-only admin credentials to execute arbitrary commands as root on Cisco ISE devices via inse...

A deserialization vulnerability in Kibana allows arbitrary code execution when parsing malicious YAML documents. This only affects users who have enab...

This CVE describes a remote code execution vulnerability in Progress Telerik Report Server caused by insecure deserialization. Attackers can exploit t...

This vulnerability allows remote code execution on Veeam Service Provider Console servers through unsafe deserialization in agent communication. Attac...

This vulnerability allows remote attackers to execute arbitrary code on Progress Telerik Report Server through insecure deserialization. Attackers can...

This critical vulnerability in Cisco Unified Communications and Contact Center Solutions allows unauthenticated remote attackers to execute arbitrary ...

This CVE describes a PHP object injection vulnerability in the Gecka Terms Thumbnails WordPress plugin due to insecure deserialization of untrusted da...

This vulnerability allows attackers to execute arbitrary PHP code through deserialization of untrusted data in the ARI Stream Quiz WordPress plugin. I...

This vulnerability allows authenticated attackers to perform PHP object injection through deserialization of untrusted data in the Rencontre WordPress...

This CVE describes a critical deserialization vulnerability in Siemens Siveillance Video Event Server that allows authenticated remote attackers to ex...

This vulnerability allows remote code execution via Java deserialization attacks against Ratpack's session store. Attackers can execute arbitrary code...

The Database for Contact Form 7, WPforms, Elementor forms WordPress plugin is vulnerable to PHP Object Injection via deserialization of untrusted inpu...

U-Office Force software has an insecure deserialization vulnerability that allows unauthenticated attackers to remotely execute arbitrary code on affe...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the ThemeREX Lorem Ipsum | Books & Media ...

This CVE describes a PHP object injection vulnerability in the KindlyCare WordPress theme where untrusted data can be deserialized, potentially allowi...

This CVE describes a PHP object injection vulnerability in the Jthemes Prestige WordPress theme, caused by insecure deserialization of untrusted data....

This vulnerability allows attackers to execute arbitrary code through PHP object injection by exploiting insecure deserialization in the PhotoMe WordP...

This vulnerability in the BoldThemes Ippsum WordPress theme allows attackers to inject malicious objects through deserialization of untrusted data. It...

This CVE describes a PHP object injection vulnerability in the BoldThemes Nestin WordPress theme. Attackers can exploit insecure deserialization to ex...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Grand Restaurant WordPress theme. Suc...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the WpEvently mage-eventpress WordPress p...

This critical vulnerability in Azure SDK allows remote code execution through deserialization of untrusted data. Attackers can exploit this over a net...

SolarWinds Web Help Desk has an unauthenticated remote code execution vulnerability via untrusted data deserialization. Attackers can execute arbitrar...

SolarWinds Web Help Desk has an unauthenticated remote code execution vulnerability via untrusted data deserialization. Attackers can exploit this to ...

CVE-2026-0773 is a critical remote code execution vulnerability in Upsonic's Cloudpickle deserialization. Attackers can execute arbitrary code without...

CVE-2026-0763 is a critical deserialization vulnerability in GPT Academic's run_in_subprocess_wrapper_func that allows unauthenticated remote attacker...

CVE-2026-0764 is a critical deserialization vulnerability in GPT Academic's upload endpoint that allows unauthenticated remote attackers to execute ar...

CVE-2026-0760 is a critical remote code execution vulnerability in Foundation Agents MetaGPT's deserialize_message function. Attackers can exploit thi...