CWE-502: Deserialization of Untrusted Data

This vulnerability allows remote attackers to execute arbitrary code through deserialization of untrusted data in the ThemeREX Sound | Musical Instrum...

CVE-2025-67617 is a PHP object injection vulnerability in the Consult Aid WordPress theme that allows attackers to execute arbitrary code by exploitin...

CVE-2026-23524 is a critical deserialization vulnerability in Laravel Reverb that allows remote code execution when horizontal scaling is enabled. Att...

CVE-2025-56005 is a critical vulnerability in the PLY (Python Lex-Yacc) library that allows remote code execution via an undocumented 'picklefile' par...

This CVE describes a critical .NET deserialization vulnerability in Changjetong T+ software that allows remote attackers to execute arbitrary code on ...

This CVE describes a PHP object injection vulnerability in Tribulant Software's Newsletters WordPress plugin. Attackers can exploit insecure deseriali...

This CVE describes a PHP object injection vulnerability in the DZS Video Gallery WordPress plugin that allows attackers to execute arbitrary code thro...

This vulnerability allows attackers to execute arbitrary code through PHP object injection by exploiting unsafe deserialization in Icegram Express Pro...

This CVE describes a PHP object injection vulnerability in the Client Invoicing by Sprout Invoices WordPress plugin. Attackers can exploit insecure de...

This CVE describes a PHP object injection vulnerability in the BoldThemes Codiqa WordPress theme. Attackers can exploit insecure deserialization to ex...

This vulnerability allows remote attackers to execute arbitrary code through PHP object injection by exploiting unsafe deserialization in the Jannah W...

This vulnerability allows remote attackers to execute arbitrary code through deserialization of untrusted data in the WP Gravity Forms FreshDesk Plugi...

This vulnerability allows remote attackers to execute arbitrary code on WordPress sites using the WP Gravity Forms Insightly plugin. Attackers can exp...

This vulnerability allows remote attackers to execute arbitrary code through deserialization of untrusted data in the WP Gravity Forms Zoho CRM and Bi...

This vulnerability allows attackers to execute arbitrary code on WordPress sites using the Gravity Forms Constant Contact plugin by exploiting insecur...

This vulnerability allows remote attackers to execute arbitrary code on WordPress sites using the WP Gravity Forms HubSpot plugin (gf-hubspot) through...

This vulnerability allows attackers to execute arbitrary PHP code through insecure deserialization in the WP Gravity Forms Salesforce plugin. It affec...

This vulnerability allows attackers to inject malicious objects via untrusted data deserialization in the BoldThemes DentiCare WordPress theme, potent...

This CVE describes a critical remote code execution vulnerability in MooreThreads torch_musa where unsafe deserialization via pickle.load() allows arb...

Barracuda Service Center in the RMM solution prior to version 2025.1.1 exposes a .NET Remoting service that allows deserialization of arbitrary types,...

CVE-2025-51745 is a critical deserialization vulnerability in jishenghua JSH_ERP 2.3.1 that allows remote code execution via the /role/addcan endpoint...

CVE-2025-51746 is a critical deserialization vulnerability in jishenghua JSH_ERP 2.3.1 that allows remote code execution via the /serialNumber/addSeri...

This vulnerability allows remote attackers to execute arbitrary code on JSH_ERP systems through fastjson deserialization attacks targeting the /materi...

This vulnerability allows remote attackers to execute arbitrary code on JSH_ERP systems by exploiting a Fastjson deserialization flaw. Attackers can s...

This critical vulnerability in Microsoft SharePoint Online allows authenticated attackers to elevate their privileges within SharePoint environments. ...

CVE-2025-11367 allows remote attackers to execute arbitrary code on systems running vulnerable versions of N-central Software Probe via insecure deser...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the WP User Manager WordPress plugin. Suc...

This CVE describes a PHP object injection vulnerability in the s2Member WordPress plugin that allows attackers to execute arbitrary code by deserializ...

This vulnerability allows attackers to execute arbitrary code on WordPress sites using the WP Gravity Forms Keap/Infusionsoft plugin (gf-infusionsoft)...

This vulnerability allows remote attackers to execute arbitrary code through PHP object injection via deserialization of untrusted data in the NooThem...

This vulnerability allows remote attackers to execute arbitrary code through deserialization of untrusted data in the Seil WordPress theme. Attackers ...

CVE-2025-49386 is a PHP object injection vulnerability in the WordPress Preserve Code Formatting plugin that allows attackers to execute arbitrary cod...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Fetch Designs Sign-up Sheets WordPres...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Ajax Search Lite WordPress plugin. It...

This CVE describes a PHP object injection vulnerability in the JobSearch WordPress plugin that allows attackers to execute arbitrary code through dese...

This CVE describes a PHP object injection vulnerability in the quantumcloud KBx Pro Ultimate WordPress plugin, allowing attackers to execute arbitrary...

This CVE describes a PHP object injection vulnerability in the UNIVERSAM WordPress plugin that allows attackers to execute arbitrary code through dese...

This CVE describes a PHP object injection vulnerability in the Captivate Sync WordPress plugin that allows attackers to execute arbitrary code through...

This CVE describes a PHP object injection vulnerability in the WordPress Subscribe to Download plugin. Attackers can exploit insecure deserialization ...

This vulnerability allows attackers to execute arbitrary code by exploiting insecure deserialization in the White Rabbit WordPress theme. Attackers ca...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Whitebox-Studio Scape WordPress theme...

This vulnerability allows attackers to execute arbitrary code by exploiting insecure deserialization in the Goldenblatt WordPress theme. It affects al...

This CVE describes a PHP object injection vulnerability in the BoldThemes Addison WordPress theme. Attackers can exploit insecure deserialization to e...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Connector for Gravity Forms and Googl...

This vulnerability allows remote attackers to execute arbitrary code through PHP object injection via deserialization of untrusted data in the Noisa W...

This vulnerability allows unauthenticated attackers to execute arbitrary PHP code on WordPress sites using vulnerable versions of the RegistrationMagi...

The Appointments plugin for WordPress has a PHP object injection vulnerability that allows unauthenticated attackers to execute arbitrary code by dese...

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of pyquokka by sending malicious pickled p...

This vulnerability allows arbitrary code execution when deserializing malicious Keras files containing a TorchModuleWrapper class, even with safe mode...

A deserialization vulnerability in Apache ActiveMQ NMS AMQP Client allows malicious AMQP servers to execute arbitrary code on client systems when conn...