CWE-502: Deserialization of Untrusted Data

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the TF Woo Product Grid Addon For Element...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Employee Spotlight WordPress plugin. ...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the WP Easy Contact WordPress plugin. Suc...

A deserialization vulnerability in Dell ControlVault3 and ControlVault3 Plus firmware allows arbitrary code execution when processing malicious respon...

The Jupiter X Core WordPress plugin is vulnerable to PHP object injection via deserialization of untrusted input in the 'file' parameter. This vulnera...

CVE-2025-3935 is a ViewState code injection vulnerability affecting ScreenConnect versions 25.2.3 and earlier. Attackers with compromised machine keys...

This vulnerability allows unauthenticated attackers to inject PHP objects via deserialization of untrusted input in the ZoomSounds WordPress plugin. I...

This CVE describes a PHP object injection vulnerability in the Puzzles WordPress theme that allows unauthenticated attackers to inject malicious PHP o...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Locatoraid Store Locator WordPress pl...

The Compare Products for WooCommerce WordPress plugin is vulnerable to PHP object injection through deserialization of untrusted cookie data. Unauthen...

The Print Science Designer WordPress plugin has a PHP object injection vulnerability that allows unauthenticated attackers to inject malicious PHP obj...

An unauthenticated Java deserialization vulnerability in HPE Remote Insight Support allows remote attackers to execute arbitrary code on affected syst...

CVE-2023-23649 is an unauthenticated PHP object injection vulnerability in the MainWP Links Manager Extension for WordPress. Attackers can exploit thi...

The Essential Blocks WordPress plugin up to version 4.2.0 contains a PHP object injection vulnerability in the get_posts function. Unauthenticated att...

CVE-2022-1415 is a deserialization vulnerability in Drools core utility classes that allows authenticated attackers to execute arbitrary code on affec...

CVE-2022-40609 is an unsafe deserialization vulnerability in IBM SDK Java Technology Edition that allows remote attackers to execute arbitrary code on...

CVE-2021-42631 is a deserialization vulnerability in PrinterLogic Web Stack that allows unauthenticated attackers to execute arbitrary code remotely. ...

Apache Karaf's JMX implementation is vulnerable to Java deserialization attacks, allowing remote code execution on affected systems. This affects Apac...

CVE-2021-23758 is a deserialization vulnerability in AjaxPro.2 that allows attackers to execute arbitrary .NET code by sending malicious serialized ob...

This vulnerability in SuperMartijn642's Config Lib allows attackers to send malicious packets that exploit Java's ObjectInputStream deserialization, p...

This vulnerability allows remote attackers to execute arbitrary code on Microsoft SharePoint Server by deserializing untrusted data. It affects organi...

This CVE describes a deserialization vulnerability in Huawei AnyOffice that allows remote code execution. Attackers can send crafted requests to explo...

CVE-2020-7385 is a deserialization vulnerability in Metasploit Framework's drb_remote_codeexec module that allows remote code execution on the attacke...

CVE-2021-26912 is a critical remote code execution vulnerability in NetMotion Mobility servers that allows unauthenticated attackers to execute arbitr...

CVE-2021-26914 is a critical Java deserialization vulnerability in NetMotion Mobility Server's MvcUtil component that allows unauthenticated remote at...

This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...

This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. It affects applications using...

This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...

This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. It affects applications using...

This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...

This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...

This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...

This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...

This vulnerability allows an authenticated attacker to execute arbitrary code on Microsoft SharePoint servers by sending specially crafted deserialize...

This vulnerability in Samsung DMS allows attackers to execute arbitrary code by exploiting insecure deserialization of untrusted data. Attackers can w...

This vulnerability allows remote code execution in multi-node vLLM deployments using the V0 engine. Attackers can exploit unsafe pickle deserializatio...

This vulnerability allows attackers to execute arbitrary code on WordPress sites using the Timber plugin by exploiting insecure deserialization of unt...

This CVE describes a PHP object injection vulnerability in the GiveWP WordPress plugin. Attackers can exploit insecure deserialization to execute arbi...

SolarWinds Access Rights Manager (ARM) contains a deserialization vulnerability that allows authenticated users to execute arbitrary code remotely. Th...

This vulnerability in Allegro AI's ClearML client SDK allows remote code execution through deserialization of untrusted data. An attacker can upload a...

CVE-2023-36439 is a remote code execution vulnerability in Microsoft Exchange Server that allows authenticated attackers to execute arbitrary code on ...

This vulnerability allows authenticated users of SolarWinds Access Rights Manager to execute arbitrary code remotely by abusing SolarWinds services. I...

CVE-2023-35180 is a remote code execution vulnerability in SolarWinds Access Rights Manager that allows authenticated users to execute arbitrary code ...

CVE-2023-36757 is a deserialization vulnerability in Microsoft Exchange Server that allows attackers to spoof email addresses and potentially execute ...

CVE-2023-36745 is a remote code execution vulnerability in Microsoft Exchange Server that allows authenticated attackers to execute arbitrary code on ...

This vulnerability in Hitachi Vantara Pentaho Business Analytics Server allows remote code execution through insecure JSON deserialization. Attackers ...

This vulnerability allows authenticated attackers with permission to create or configure objects in Jenkins to inject malicious content into Old Data ...

CVE-2025-33252 is a deserialization vulnerability in NVIDIA's NeMo Framework that allows remote attackers to execute arbitrary code. This affects orga...

A deserialization vulnerability in the OPC.Testclient utility within Rexroth IndraWorks allows attackers to execute arbitrary code by tricking users i...

This vulnerability in Rexroth IndraWorks allows attackers to execute arbitrary code on a user's system by tricking them into opening a malicious file,...