CWE-502: Deserialization of Untrusted Data

This vulnerability in MLflow allows remote code execution when deserializing untrusted data from malicious Recipes. It affects MLflow versions 1.27.0 ...

This vulnerability allows remote code execution through malicious PyFunc models in MLflow. Attackers can upload specially crafted models that execute ...

This vulnerability allows remote code execution through malicious ML models in MLflow. Attackers can upload specially crafted LightGBM scikit-learn mo...

This vulnerability allows remote code execution through malicious ML models in MLflow. Attackers can upload specially crafted scikit-learn models that...

CVE-2024-34515 is a PHAR deserialization vulnerability in the spatie/image-optimizer library that allows attackers to execute arbitrary code by exploi...

This vulnerability allows remote attackers to execute arbitrary code on Inductive Automation Ignition installations by exploiting insecure deserializa...

This vulnerability in Inductive Automation Ignition allows authenticated remote attackers to execute arbitrary code with SYSTEM privileges by exploiti...

This vulnerability in Inductive Automation Ignition allows authenticated remote attackers to execute arbitrary code with SYSTEM privileges by exploiti...

This vulnerability allows authenticated remote attackers to execute arbitrary code on Inductive Automation Ignition systems by exploiting insecure des...

This vulnerability in the Essential Addons for Elementor WordPress plugin allows authenticated attackers with author-level access or higher to perform...

This vulnerability allows remote authenticated users to execute arbitrary PHP code through deserialization attacks in Gibbon's import functionality. A...

The Social Media Share Buttons WordPress plugin is vulnerable to PHP object injection via the attachmentUrl parameter. Authenticated attackers with su...

This vulnerability allows authenticated WordPress users with contributor-level access or higher to perform PHP object injection through the Post Grid,...

The Play.ht WordPress plugin is vulnerable to PHP object injection via deserialization of untrusted input in the play_podcast_data post meta. This all...

The Auto Refresh Single Page WordPress plugin is vulnerable to PHP object injection via insecure deserialization of untrusted input. This allows authe...

This vulnerability in the Vimeography WordPress plugin allows authenticated attackers with contributor-level access or higher to perform PHP object in...

This vulnerability in Oracle Agile PLM allows authenticated attackers with network access to execute arbitrary code through deserialization of untrust...

This vulnerability allows remote attackers to execute arbitrary code on Microsoft SharePoint Server by deserializing untrusted data. It affects organi...

This vulnerability in the Slider Revolution WordPress plugin allows users with Author role or higher to execute arbitrary code through unsafe unserial...

This vulnerability in the Ovic Responsive WPBakery WordPress plugin allows attackers with subscriber-level accounts or higher to modify critical WordP...

This vulnerability in the Hugging Face Transformers library allows remote code execution through unsafe deserialization of untrusted data. Attackers c...

CVE-2023-35182 is a remote code execution vulnerability in SolarWinds Access Rights Manager that allows unauthenticated attackers to execute arbitrary...

CVE-2023-35184 is a remote code execution vulnerability in SolarWinds Access Rights Manager that allows unauthenticated attackers to execute arbitrary...

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows authenticated attackers to execute arbitrary code by uploading a specially cr...

CVE-2023-43268 is a deserialization vulnerability in Deyue Remote Vehicle Management System v1.1 that allows remote attackers to execute arbitrary cod...

This vulnerability in Splunk Enterprise allows attackers to execute arbitrary code by crafting malicious queries that exploit insecure deserialization...

This vulnerability allows authorized Airflow users with Spark hook configuration permissions to execute arbitrary code on the Airflow node by connecti...

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of Nacos Spring Project. The issue stems f...

CVE-2023-38181 is a deserialization vulnerability in Microsoft Exchange Server that allows attackers to spoof email addresses and potentially execute ...

This vulnerability allows attackers with permission to modify ShardingSphere-Agent YAML configuration files to execute arbitrary code by exploiting un...

This vulnerability allows remote attackers to execute arbitrary code on Microsoft SharePoint Server by exploiting insecure deserialization. It affects...

This vulnerability allows remote unauthenticated attackers to execute arbitrary code on MIM software's License Server and MIMpacs services via the RMI...

Marval MSM versions through 14.19.0.12476 and 15.0 contain a deserialization vulnerability (CWE-502) that allows authenticated remote attackers to exe...

The Otter WordPress plugin before version 2.2.6 contains a PHAR deserialization vulnerability that allows attackers to execute arbitrary code on vulne...

This vulnerability in the Go Pricing WordPress plugin allows authenticated attackers with subscriber-level permissions to perform PHP object injection...

IBM InfoSphere Information Server 11.7 has a remote code execution vulnerability due to insecure deserialization in an RMI service. Attackers can expl...

This vulnerability in Advanced Custom Fields WordPress plugins allows authenticated users with Contributor role or higher to perform PHP Object Inject...

This vulnerability allows authenticated remote attackers to execute arbitrary code as administrator on Cisco Secure Network Analytics devices. Attacke...

This vulnerability in the Order GLPI plugin allows authenticated users with standard interface access to execute arbitrary system commands via a craft...

This vulnerability in Ivanti Avalanche allows authenticated remote attackers to bypass authentication mechanisms and execute arbitrary code via insecu...

This vulnerability allows authenticated users of Apache InLong to execute arbitrary code through deserialization of untrusted data. It affects Apache ...

CVE-2023-21529 is a remote code execution vulnerability in Microsoft Exchange Server that allows authenticated attackers to execute arbitrary code on ...

This vulnerability allows authenticated attackers to execute arbitrary code on Apache Kafka Connect servers by exploiting JNDI injection through SASL ...

This vulnerability in the Visualizer WordPress plugin allows authenticated attackers with contributor-level privileges to execute arbitrary PHP code t...

This vulnerability in opensearch-ruby allows remote code execution through unsafe YAML deserialization when connecting to a malicious OpenSearch serve...

CVE-2022-22005 is a remote code execution vulnerability in Microsoft SharePoint Server that allows authenticated attackers to execute arbitrary code o...

This vulnerability allows authenticated WordPress users with minimal privileges to perform PHP object injection attacks via a deserialization flaw in ...

CVE-2021-36231 is a deserialization vulnerability in MIK.starlight 7.9.5.24363 that allows authenticated remote attackers to execute arbitrary operati...

This vulnerability in Jenkins Code Coverage API Plugin allows attackers to execute arbitrary code on Jenkins servers by exploiting insecure deserializ...

This vulnerability allows authenticated users to upload malicious files that can execute arbitrary code on Rundeck servers. It affects all Rundeck edi...