CWE-502: Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
Yearly Trend
Top Affected Vendors
All Deserialization of Untrusted Data CVEs (1,017)
Feb 18, 2026: A deserialization vulnerability in the OPC.Testclient utility within Rexroth IndraWorks allows attackers to execute arbitrary code by tricking users i...
Feb 18, 2026: This vulnerability in Rexroth IndraWorks allows attackers to execute arbitrary code on a user's system by tricking them into opening a malicious file,...
Feb 18, 2026: The NVIDIA NeMo Framework vulnerability allows remote code execution in distributed environments, enabling attackers to execute arbitrary code, escala...
Feb 9, 2026: PowerDocu versions before 2.4.0 contain a critical deserialization vulnerability where the application blindly trusts the $type property in JSON files...
Jan 27, 2026: This CVE describes a remote code execution vulnerability in PHPUnit's PHPT test execution when code coverage instrumentation is enabled. Attackers wit...
Jan 23, 2026: This vulnerability allows remote attackers to execute arbitrary code on Anritsu ShockLine systems by tricking users into opening malicious CHX files. ...
Jan 23, 2026: A deserialization vulnerability in Anritsu VectorStar's CHX file parser allows remote attackers to execute arbitrary code when a user opens a maliciou...
Jan 23, 2026: This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious CHX files or visiting malicious pages. I...
Jan 13, 2026: This CVE describes a deserialization vulnerability in TYPO3 CMS mail file spool functionality. Local users with write access to the spool directory ca...
Jan 7, 2026: Bio-Formats up to version 8.3.0 has unsafe Java deserialization in the Memoizer class, allowing attackers to execute arbitrary code by providing malic...
Dec 31, 2025: This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious SFD font files in FontForge. Attackers c...
Dec 23, 2025: This vulnerability allows remote attackers to execute arbitrary code as root on systems running vulnerable versions of Tencent Hunyuan3D-1. Attackers ...
Dec 23, 2025: This vulnerability allows remote attackers to execute arbitrary code as root on Tencent MedicalNet installations through deserialization of untrusted ...
Dec 23, 2025: This vulnerability allows remote attackers to execute arbitrary code as root on systems running Tencent FaceDetection-DSFD with the resnet endpoint. A...
Dec 23, 2025: This vulnerability allows remote attackers to execute arbitrary code as root on Tencent MimicMotion installations through deserialization of untrusted...
Dec 23, 2025: This vulnerability allows remote attackers to execute arbitrary code as root on Tencent PatrickStar installations by exploiting a deserialization flaw...
Dec 23, 2025: This vulnerability allows remote attackers to execute arbitrary code as root on systems running vulnerable versions of Tencent HunyuanDiT. Attackers c...
Dec 23, 2025: This vulnerability allows remote attackers to execute arbitrary code as root on systems running Tencent NeuralNLP-NeuralClassifier. Attackers can expl...
Dec 23, 2025: This vulnerability in Tencent TFace's restore_checkpoint function allows remote attackers to execute arbitrary code as root when users interact with m...
Dec 23, 2025: This vulnerability allows remote attackers to execute arbitrary code as root on Tencent HunyuanVideo installations through deserialization of untruste...
Dec 23, 2025: This vulnerability in Tencent TFace allows remote attackers to execute arbitrary code with root privileges by exploiting insecure deserialization in t...
Dec 23, 2025: This vulnerability allows remote attackers to execute arbitrary code as root on Tencent HunyuanDiT installations by exploiting insecure deserializatio...
Dec 1, 2025: An unauthenticated attacker can execute arbitrary code by tricking a user into opening a malicious CODESYS project file. The code runs with the user's...
Oct 13, 2025: This vulnerability allows a local authenticated attacker to exploit insecure deserialization in Ivanti Endpoint Manager to escalate their privileges. ...
Sep 4, 2025: This vulnerability allows local privilege escalation on Android devices by bypassing lazy bundle hardening through unsafe deserialization in PackagePa...
Sep 3, 2025: Fuji Electric FRENIC-Loader 4 contains a deserialization vulnerability when importing files through a specific window, allowing attackers to execute a...
Aug 12, 2025: This vulnerability in Siemens TIA Portal and related software allows attackers to execute arbitrary code by exploiting improper sanitization of securi...
Aug 11, 2025: A safe mode bypass vulnerability in Keras allows attackers to execute arbitrary code by tricking users into loading malicious .keras model archives. T...
Jul 24, 2025: SolarWinds Observability Self-Hosted has a deserialization vulnerability that allows authenticated low-privilege users to escalate privileges locally....
Jul 11, 2025: This vulnerability allows a local attacker to escalate privileges by exploiting a flaw in the communication protocol between server processes and serv...
Jun 30, 2025: This vulnerability in Delta Electronics DTN Soft allows remote code execution through deserialization of untrusted data in project files. Attackers ca...
Jun 30, 2025: This vulnerability allows remote code execution through deserialization of untrusted data in Delta Electronics DTM Soft project files. Attackers can c...
May 13, 2025: This vulnerability allows an unauthorized attacker to execute arbitrary code on SharePoint servers by exploiting insecure deserialization of untrusted...
Apr 28, 2025: GFI MailEssentials versions before 21.8 contain a local privilege escalation vulnerability where an attacker with local access can send a crafted seri...
Mar 6, 2025: This vulnerability allows arbitrary code execution through deserialization of untrusted data in NI G Web Development Software. Attackers can exploit i...
Jan 17, 2025: This CVE describes a deserialization vulnerability in Schneider Electric software where a non-admin authenticated user can execute arbitrary code by o...
Jan 14, 2025: This vulnerability allows attackers to bypass security features in Microsoft Excel, potentially enabling malicious code execution by opening specially...
Jan 14, 2025: This vulnerability allows remote unauthenticated attackers to execute arbitrary code on Ivanti Endpoint Manager (EPM) systems through deserialization ...
Dec 10, 2024: This vulnerability in multiple Siemens industrial automation products allows attackers to execute arbitrary code by exploiting improper input sanitiza...
Nov 13, 2024: This vulnerability allows local privilege escalation on Android devices through unsafe deserialization in the Settings app. Attackers can exploit this...
Nov 13, 2024: This vulnerability allows remote code execution through insecure deserialization in Progress Telerik UI for WPF. Attackers can exploit this to execute...
Jul 22, 2024: A deserialization vulnerability in NI VeriStand allows remote code execution when a user opens a malicious project file. This affects VeriStand 2024 Q...
Jul 9, 2024: This vulnerability allows local privilege escalation on Android devices through unsafe deserialization in ZygoteProcess.java. An attacker with WRITE_S...
Jul 9, 2024: This vulnerability allows attackers to execute arbitrary code on affected Siemens industrial control systems by exploiting insecure .NET BinaryFormatt...
Jun 12, 2024: Dell Common Event Enabler versions 8.9.10.0 and earlier contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attack...
Jun 4, 2024: CVE-2024-37064 is a deserialization vulnerability in ydata-profiling library versions 3.7.0+. Attackers can craft malicious datasets that execute arbi...
Jun 4, 2024: This vulnerability in ydata-profiling library allows remote code execution when a maliciously crafted report is loaded. Attackers can execute arbitrar...
May 14, 2024: This vulnerability allows remote code execution through specially crafted Excel files. Attackers can exploit this by tricking users into opening malic...
May 14, 2024: This vulnerability allows remote code execution through deserialization of untrusted data in NI FlexLogger and InstrumentStudio. Attackers can exploit...
May 3, 2024: CVE-2024-34072 is a deserialization vulnerability in the sagemaker-python-sdk's NumpyDeserializer module that allows remote code execution when proces...

About Deserialization of Untrusted Data (CWE-502)
Our database tracks 1,017 CVEs classified as CWE-502, with 496 rated critical and 465 rated high severity. The average CVSS score for Deserialization of Untrusted Data vulnerabilities is 8.8.
External reference: View CWE-502 on MITRE CWE →