CWE-502: Deserialization of Untrusted Data

The Advanced AJAX Product Filters WordPress plugin is vulnerable to PHP object injection via deserialization of untrusted input in the Live Composer c...

This vulnerability in Infoblox NIOS allows attackers to execute arbitrary code remotely through insecure deserialization. It affects all Infoblox NIOS...

This vulnerability allows attackers to execute arbitrary code on WordPress sites running the vulnerable WpEvently plugin by exploiting insecure deseri...

This vulnerability allows attackers to execute arbitrary code through PHP object injection by exploiting insecure deserialization in the North WordPre...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Dental Care CPT WordPress plugin. Suc...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Tech Life CPT WordPress plugin. Succe...

This vulnerability allows remote attackers to execute arbitrary code through PHP object injection in the OneLife WordPress theme. Attackers can exploi...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Anona WordPress theme. It affects all...

This vulnerability allows attackers to inject malicious objects through insecure deserialization in the Vivagh WordPress theme. Attackers could execut...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Eventin WordPress plugin. Attackers c...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Kids Heaven WordPress theme. Attacker...

This vulnerability allows an authorized attacker to execute arbitrary code on Microsoft SharePoint servers by exploiting insecure deserialization of u...

A deserialization vulnerability in Broadcom DX NetOps Spectrum allows attackers to inject malicious objects by sending untrusted data to the applicati...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the DZS Video Gallery WordPress plugin. S...

LMDeploy versions before 0.11.1 have an insecure deserialization vulnerability where torch.load() is called without the weights_only=True parameter wh...

This vulnerability allows remote code execution on Apache NiFi systems through unsafe Java deserialization in the GetAsanaObject Processor. Attackers ...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Booking and Rental Manager for WooCom...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the PDF for Contact Form 7 WordPress plug...

This vulnerability allows attackers to execute arbitrary code on WordPress sites using the PDF for WPForms plugin by exploiting insecure deserializati...

This vulnerability allows attackers to execute arbitrary code on WooCommerce sites by exploiting insecure deserialization in the PDF Invoice Builder p...

This vulnerability allows remote code execution through deserialization of untrusted JSON data in Pentaho's Community Dashboard Editor plugin. Attacke...

This vulnerability in the Doubly WordPress plugin allows authenticated attackers with Subscriber-level access to execute arbitrary code through PHP ob...

This CVE describes a remote code execution vulnerability in Apache HugeGraph's PD store where a malicious Raft node can exploit insecure Hessian deser...

CVE-2025-33213 is a deserialization vulnerability in NVIDIA Merlin Transformers4Rec for Linux, allowing attackers to execute arbitrary code, cause den...

NVIDIA NVTabular for Linux has a deserialization vulnerability in its Workflow component that could allow attackers to execute arbitrary code, cause d...

This vulnerability in HummerRisk allows authenticated users with normal privileges to exploit a vulnerable Snakeyaml component via the /rule/add API e...

This CVE describes a remote code execution vulnerability in Fugue's RPC server implementation. Attackers can send malicious pickle data that gets dese...

This vulnerability in IBM webMethods Integration allows authenticated users to execute arbitrary code on affected systems through insecure deserializa...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Falang multilanguage WordPress plugin...

This vulnerability allows remote attackers to execute arbitrary code through insecure deserialization in the NooTheme Yogi WordPress theme. Attackers ...

This vulnerability in the Polylang WordPress plugin allows attackers to perform object injection through deserialization of untrusted data. Attackers ...

This vulnerability allows attackers to execute arbitrary PHP code through insecure deserialization in the Product Table For WooCommerce WordPress plug...

This CVE describes a PHP object injection vulnerability in the designthemes Knowledge Base WordPress theme. Attackers can exploit insecure deserializa...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the VEDA WordPress theme. It affects all ...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Boldermail WordPress plugin. Attacker...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the WP Store Locator WordPress plugin. Su...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Solar Energy WordPress theme. It affe...

This vulnerability allows authenticated attackers to bypass JDBC driver restrictions in DataEase by providing a malicious jdbcUrl parameter. Attackers...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the ThemeMove Core WordPress plugin. Succ...

This CVE describes a PHP object injection vulnerability in the Constant Contact for WordPress plugin caused by unsafe deserialization of untrusted dat...

This vulnerability in MONAI's pickle_operations function allows arbitrary code execution through unsafe deserialization of pickle data. Any system run...

A deserialization vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) allows remote attackers to execute arbitrary code by ...

CVE-2025-58163 is a remote code execution vulnerability in FreeScout help desk software where authenticated attackers with knowledge of the applicatio...

A PHP object injection vulnerability in PickPlugins Post Grid and Gutenberg Blocks WordPress plugins allows attackers to execute arbitrary code throug...

This CVE describes a PHP object injection vulnerability in the Eventin WordPress plugin caused by unsafe deserialization of untrusted data. Attackers ...

This vulnerability allows an authorized attacker to execute arbitrary code on systems running vulnerable versions of Web Deploy by exploiting insecure...

CVE-2025-54366 is a critical deserialization vulnerability in FreeScout help desk software that allows authenticated attackers with knowledge of the A...

A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption allows attackers with local access to exec...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Visual Art | Gallery WordPress theme....

This CVE describes a PHP object injection vulnerability in the Hillter WordPress theme due to unsafe deserialization of untrusted data. Attackers can ...