CWE-502: Deserialization of Untrusted Data

SolarWinds Observability Self-Hosted has a deserialization vulnerability that allows authenticated low-privilege users to escalate privileges locally....

This vulnerability allows a local attacker to escalate privileges by exploiting a flaw in the communication protocol between server processes and serv...

This vulnerability in Delta Electronics DTN Soft allows remote code execution through deserialization of untrusted data in project files. Attackers ca...

This vulnerability allows remote code execution through deserialization of untrusted data in Delta Electronics DTM Soft project files. Attackers can c...

This vulnerability allows an unauthorized attacker to execute arbitrary code on SharePoint servers by exploiting insecure deserialization of untrusted...

GFI MailEssentials versions before 21.8 contain a local privilege escalation vulnerability where an attacker with local access can send a crafted seri...

This vulnerability allows arbitrary code execution through deserialization of untrusted data in NI G Web Development Software. Attackers can exploit i...

This CVE describes a deserialization vulnerability in Schneider Electric software where a non-admin authenticated user can execute arbitrary code by o...

This vulnerability allows attackers to bypass security features in Microsoft Excel, potentially enabling malicious code execution by opening specially...

This vulnerability allows remote unauthenticated attackers to execute arbitrary code on Ivanti Endpoint Manager (EPM) systems through deserialization ...

This vulnerability in multiple Siemens industrial automation products allows attackers to execute arbitrary code by exploiting improper input sanitiza...

This vulnerability allows local privilege escalation on Android devices through unsafe deserialization in the Settings app. Attackers can exploit this...

This vulnerability allows remote code execution through insecure deserialization in Progress Telerik UI for WPF. Attackers can exploit this to execute...

A deserialization vulnerability in NI VeriStand allows remote code execution when a user opens a malicious project file. This affects VeriStand 2024 Q...

This vulnerability allows local privilege escalation on Android devices through unsafe deserialization in ZygoteProcess.java. An attacker with WRITE_S...

This vulnerability allows attackers to execute arbitrary code on affected Siemens industrial control systems by exploiting insecure .NET BinaryFormatt...

Dell Common Event Enabler versions 8.9.10.0 and earlier contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attack...

CVE-2024-37064 is a deserialization vulnerability in ydata-profiling library versions 3.7.0+. Attackers can craft malicious datasets that execute arbi...

This vulnerability in ydata-profiling library allows remote code execution when a maliciously crafted report is loaded. Attackers can execute arbitrar...

This vulnerability allows remote code execution through specially crafted Excel files. Attackers can exploit this by tricking users into opening malic...

This vulnerability allows remote code execution through deserialization of untrusted data in NI FlexLogger and InstrumentStudio. Attackers can exploit...

CVE-2024-34072 is a deserialization vulnerability in the sagemaker-python-sdk's NumpyDeserializer module that allows remote code execution when proces...

This CVE describes a deserialization vulnerability in Schneider Electric software that allows remote code execution when a malicious project file is l...

This vulnerability allows an attacker with a low-privilege user account to escalate privileges by sending a malicious serialized object. It affects Sc...

This vulnerability allows a local malicious user to exploit insecure deserialization in Dell Alienware Command Center to execute arbitrary code on the...

CVE-2023-24621 is a deserialization vulnerability in Esoteric YamlBeans that allows attackers to execute arbitrary Java code by crafting malicious YAM...

CVE-2021-31680 is a deserialization vulnerability in YOLOv5 that allows attackers to execute arbitrary code by providing a malicious YAML configuratio...

This vulnerability allows authenticated attackers to execute arbitrary code with SYSTEM privileges on Windows Server Update Service (WSUS) servers. It...

This vulnerability allows local privilege escalation on Android devices through unsafe deserialization in the 'run of multiple files' component. Attac...

This CVE describes a deserialization vulnerability in the Dashboard module that allows remote code execution when a user opens a malicious file. Attac...

CVE-2022-28685 is a remote code execution vulnerability in AVEVA Edge 2020 SP2 Patch 0 (version 4201.2111.1802.0000) that allows attackers to execute ...

CVE-2023-1399 is a deserialization vulnerability in N6854A Geolocation Server that allows attackers to execute arbitrary code by sending malicious dat...

This CVE describes a deserialization vulnerability in Mitsubishi Electric's GENESIS64, ICONICS Suite, and MC Works64 products. An unauthenticated atta...

This CVE describes a deserialization vulnerability in Mitsubishi Electric's GENESIS64, ICONICS Suite, and MC Works64 software. An unauthenticated atta...

CVE-2022-27579 is a deserialization vulnerability in Flexi Soft Designer that allows attackers to execute arbitrary code by tricking users into openin...

This vulnerability in Android's GPS navigation message handling allows local privilege escalation without user interaction. It affects Android devices...

CVE-2021-41078 is a deserialization vulnerability in Nameko that allows remote code execution when processing malicious configuration files. Attackers...

This vulnerability allows local privilege escalation on Android 11 devices through unsafe deserialization in the ParsedIntentInfo component. Attackers...

CVE-2021-32568 is a deserialization vulnerability in mrdoc documentation software that allows attackers to execute arbitrary code by sending malicious...

This CVE describes an unsafe deserialization vulnerability in CODESYS Development System that allows arbitrary command execution when processing malic...

This CVE describes an unsafe deserialization vulnerability in CODESYS Development System that allows arbitrary command execution when processing malic...

This CVE describes an unsafe deserialization vulnerability in CODESYS Development System's Profile.FromFile() function. Attackers can craft malicious ...

This CVE-2021-21865 is an unsafe deserialization vulnerability in CODESYS Development System that allows arbitrary command execution when processing m...

This vulnerability allows local attackers with low-privileged access to escalate privileges to SYSTEM level via insecure deserialization in SolarWinds...

This vulnerability in JetBrains IntelliJ IDEA allows local code execution through insecure deserialization of workspace models. Attackers could exploi...

CVE-2020-28948 is a deserialization vulnerability in Archive_Tar that allows attackers to execute arbitrary code via PHAR archive exploitation. The vu...

This vulnerability allows arbitrary code execution when fabric8-maven-plugin processes malicious YAML configuration files during builds. It affects de...

This vulnerability allows remote code execution on Schneider Electric SCADAPack 7x Remote Connect software through malicious project files. Attackers ...

This vulnerability allows remote code execution on SCADAPack x70 Security Administrator systems through malicious .SDB files. Attackers can execute ar...

CVE-2020-24164 is a Java deserialization vulnerability in Taoensso Nippy library versions before 2.14.2. Attackers can craft malicious payloads that e...