CWE-502: Deserialization of Untrusted Data

DataHub's SSO authentication improperly processes id_token claims with {#sb64} prefixes, allowing unsafe Java deserialization via pac4j library. This ...

This vulnerability allows remote code execution through insecure deserialization in Cambium Networks wireless devices. Attackers can send specially cr...

CVE-2021-4104 is a deserialization vulnerability in Log4j 1.2's JMSAppender that allows remote code execution when attackers can modify Log4j configur...

CVE-2021-26558 is a deserialization vulnerability in Apache ShardingSphere-UI that allows attackers to inject malicious external resources through unt...

CVE-2021-33175 is a denial of service vulnerability in EMQ X Broker where specially crafted untrusted inputs cause excessive memory consumption, leadi...

This CVE describes a PHP object injection vulnerability in the Team Showcase WordPress plugin. Remote authenticated attackers can execute arbitrary co...

This vulnerability allows remote code execution on Microsoft SharePoint servers through deserialization of untrusted data. Attackers can execute arbit...

This vulnerability allows remote attackers to execute arbitrary code on Microsoft SharePoint servers by deserializing untrusted data. It affects organ...

This vulnerability allows authenticated attackers to perform PHP object injection via deserialization of untrusted data in the Themify Ultra WordPress...

CVE-2025-9906 is a critical vulnerability in Keras that allows arbitrary code execution when loading specially crafted .keras model files. Attackers c...

This vulnerability in Siemens industrial automation software allows attackers to execute arbitrary code through type confusion when parsing user setti...

This vulnerability in Apache Avro's Java SDK allows attackers to execute arbitrary code by exploiting schema parsing flaws. It affects all users of Ap...

CVE-2024-1032 is a critical deserialization vulnerability in openBI's testConnection function that allows remote attackers to execute arbitrary code. ...

This critical vulnerability in Hecheng Leadshop allows remote attackers to execute arbitrary code through deserialization of untrusted data in the /we...

This is a critical remote code execution vulnerability in ZhiCms CMS software. Attackers can exploit insecure deserialization in the giftcontroller.ph...

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of Microsoft SQL Server Integration Servic...

This vulnerability in M&M Software's fdtCONTAINER Component allows attackers to execute arbitrary code by deserializing untrusted data from project st...

This vulnerability in Blesta billing software allows attackers to perform object injection attacks by sending specially crafted data. This affects all...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Icegram Email Subscribers & Newslette...

This vulnerability allows authenticated WordPress administrators to perform PHP object injection by uploading malicious CSV files through the WP Impor...

This vulnerability allows authenticated WordPress administrators to inject PHP objects through the Academy LMS plugin's import_all_courses function. T...

This CVE describes a deserialization vulnerability in the Awesome Support WordPress plugin that allows attackers to inject malicious objects through u...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the GSheets Connector WordPress plugin. S...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the eDS Responsive Menu WordPress plugin....

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Aitasi Coming Soon WordPress plugin. ...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the LTL Freight Quotes - TQL Edition Word...

This vulnerability allows attackers to inject malicious objects through untrusted data deserialization in the LTL Freight Quotes – Day & Ross Editio...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Welcart e-Commerce WordPress plugin. ...

This CVE describes a PHP object injection vulnerability in the Simple Login Log WordPress plugin. Attackers can exploit insecure deserialization to ex...

A deserialization vulnerability in the Content Egg WordPress plugin allows attackers to inject malicious objects by manipulating serialized data. This...

CVE-2025-49083 is a deserialization vulnerability in Absolute Secure Access management console that allows authenticated administrators to execute arb...

This vulnerability allows attackers to inject malicious objects through untrusted data deserialization in JetFormBuilder WordPress plugin. Attackers c...

This vulnerability allows authenticated WordPress administrators to perform PHP object injection via deserialization of untrusted input in the Glossar...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the WP Tabs WordPress plugin. Successful ...

This vulnerability allows attackers to inject malicious PHP objects through deserialization of untrusted data in the WP Maintenance WordPress plugin. ...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the WP-CRM System WordPress plugin. Succe...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Flickr Shortcode Importer WordPress p...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the djjmz Social Counter WordPress plugin...

This vulnerability allows an authenticated attacker to execute arbitrary code on Microsoft SharePoint servers by exploiting insecure deserialization o...

CVE-2025-30773 is a PHP object injection vulnerability in TranslatePress WordPress plugin caused by unsafe deserialization of untrusted data. Attacker...

This vulnerability allows authenticated WordPress administrators to inject PHP objects via deserialization of untrusted input in the Product Import Ex...

The WordPress Importer plugin is vulnerable to PHP object injection via deserialization of untrusted input. This allows authenticated attackers with A...

This CVE describes a PHP Object Injection vulnerability in the Export and Import Users and Customers WordPress plugin. Authenticated attackers with Ad...

This vulnerability allows authenticated WordPress administrators to inject PHP objects via deserialization of untrusted input in the Order Export & Or...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Brent Jett Assistant WordPress plugin...

This vulnerability in the Album Gallery WordPress plugin allows authenticated attackers with Editor-level access or higher to inject PHP objects throu...

The Tabs for WooCommerce WordPress plugin is vulnerable to PHP object injection through deserialization of untrusted input. This allows authenticated ...

This vulnerability in the giuliopanda ADFO WordPress plugin allows attackers to inject malicious objects through deserialization of untrusted data. It...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the NHR Options Table Manager WordPress p...

The Mambo Importer WordPress plugin is vulnerable to PHP object injection via deserialization of untrusted input, allowing authenticated administrator...