CWE-502: Deserialization of Untrusted Data

CVE-2025-59287 is a critical deserialization vulnerability in Windows Server Update Service (WSUS) that allows unauthenticated remote attackers to exe...

CVE-2023-49886 is a critical remote code execution vulnerability in IBM Standards Processing Engine caused by unsafe Java deserialization. Attackers c...

This vulnerability allows arbitrary code execution through deserialization of untrusted data in pyfory/pyfury libraries. Applications are affected if ...

CVE-2025-26399 is an unauthenticated remote code execution vulnerability in SolarWinds Web Help Desk's AjaxProxy component that allows attackers to ex...

A critical deserialization vulnerability in h2oai/h2o-3 allows attackers to bypass security checks using double URL encoding, enabling arbitrary file ...

A Java deserialization vulnerability in Jaspersoft Library allows remote attackers to execute arbitrary code by sending malicious serialized objects. ...

This vulnerability allows remote code execution in Dataease by exploiting improper JDBC URL validation in the H2 data source implementation. Attackers...

CVE-2025-55232 is a critical deserialization vulnerability in Microsoft High Performance Compute Pack (HPC) that allows remote attackers to execute ar...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Quiz And Survey Master WordPress plug...

CVE-2024-28988 is a critical Java deserialization vulnerability in SolarWinds Web Help Desk that allows unauthenticated attackers to execute arbitrary...

This vulnerability in h2o-3 allows attackers to bypass regex filters in JDBC connections by manipulating spaces between parameters, enabling deseriali...

CVE-2025-52761 is a PHP object injection vulnerability in the WP Funnel Manager WordPress plugin that allows attackers to execute arbitrary code by de...

This CVE describes a PHP object injection vulnerability in the MediCenter WordPress theme that allows attackers to execute arbitrary code through dese...

This vulnerability allows remote attackers to execute arbitrary code via PHP object injection through deserialization of untrusted data in the ThemeMa...

CVE-2025-54686 is a PHP object injection vulnerability in the Exertio WordPress theme that allows attackers to execute arbitrary code through deserial...

This vulnerability allows unauthenticated attackers to perform PHP object injection through deserialization of untrusted input in the Database for Con...

CVE-2025-45146 is a critical deserialization vulnerability in ModelCache for LLM that allows remote code execution by sending specially crafted data t...

This CVE describes a remote code execution vulnerability in ms-swift version 3.3.0 due to unsafe YAML deserialization. Attackers can execute arbitrary...

WinMatrix3 software from Simopro Technology has a critical insecure deserialization vulnerability that allows unauthenticated remote attackers to exec...

CVE-2025-53770 is a critical deserialization vulnerability in on-premises Microsoft SharePoint Server that allows unauthenticated attackers to execute...

This vulnerability allows unauthenticated attackers to perform PHP object injection through the Integration for Pipedrive and Contact Form 7 plugin fo...

CVE-2025-30973 is a PHP object injection vulnerability in Codexpert, Inc's CoSchool LMS WordPress plugin that allows attackers to execute arbitrary co...

CVE-2025-30949 is a PHP object injection vulnerability in the Guru Team Site Chat on Telegram WordPress plugin that allows attackers to execute arbitr...

This vulnerability allows remote code execution through unsafe deserialization in GPT-SoVITS-WebUI. Attackers can exploit this by providing malicious ...

This vulnerability allows remote code execution through unsafe deserialization in GPT-SoVITS-WebUI. Attackers can exploit the GPT_dropdown input to ex...

Adobe Experience Manager versions 6.5.23.0 and earlier contain a deserialization vulnerability that allows unauthenticated attackers to execute arbitr...

This vulnerability in Mescius ActiveReports.NET allows remote attackers to execute arbitrary code by exploiting insecure deserialization in the ReadVa...

The Education WordPress theme has a PHP object injection vulnerability that allows unauthenticated attackers to inject malicious PHP objects via deser...

This vulnerability allows attackers to execute arbitrary code by sending malicious serialized data to Apache Seata servers. It affects all Apache Seat...

CVE-2025-52724 is a PHP object injection vulnerability in the BoldThemes Amwerk WordPress theme that allows attackers to execute arbitrary code throug...

This vulnerability allows remote attackers to execute arbitrary code on WordPress sites running the vulnerable WP Optimize By xTraffic plugin. Attacke...

This vulnerability allows remote attackers to execute arbitrary code via PHP object injection through deserialization of untrusted data in the CRM Per...

This vulnerability allows attackers to execute arbitrary PHP code through deserialization of untrusted data in the Rapyd Payment Extension for WooComm...

CVE-2025-31919 is a PHP object injection vulnerability in the Spare WordPress theme that allows attackers to execute arbitrary code through deserializ...

CVE-2025-49455 is a PHP object injection vulnerability in the LoftOcean TinySalt WordPress theme that allows attackers to execute arbitrary code throu...

This vulnerability allows remote attackers to execute arbitrary code through deserialization of untrusted data in the PressGrid WordPress theme. Attac...

This vulnerability allows remote attackers to execute arbitrary code through deserialization of untrusted data in the The Fashion - Model Agency One P...

CVE-2025-31396 is a PHP object injection vulnerability in the FLAP Business WordPress theme that allows attackers to execute arbitrary code through de...

This vulnerability allows authenticated attackers to read arbitrary files on Apache InLong servers through a deserialization flaw. It affects Apache I...

This CVE describes a PHP object injection vulnerability in the Mr. Murphy WordPress theme caused by unsafe deserialization of untrusted data. Attacker...

A critical deserialization vulnerability in Soar Cloud HRD Human Resource Management System allows remote attackers to execute arbitrary system comman...

A deserialization vulnerability in ThimPress Course Builder WordPress theme allows attackers to inject malicious objects by manipulating serialized da...

This CVE describes a PHP object injection vulnerability in the ZoomSounds WordPress plugin that allows attackers to execute arbitrary code through des...

This vulnerability allows attackers to inject malicious PHP objects through deserialization of untrusted data in the WPFunnels WordPress plugin. Succe...

A PHP object injection vulnerability in the BoldThemes Avantage WordPress theme allows attackers to execute arbitrary code through deserialization of ...

This vulnerability allows remote attackers to execute arbitrary code through PHP object injection via deserialization of untrusted data in the Goodlay...

This vulnerability allows remote attackers to execute arbitrary code via PHP object injection through deserialization of untrusted data in the Goodlay...

This vulnerability allows attackers to execute arbitrary code on WordPress sites using the Car Dealer theme by exploiting insecure deserialization. It...

This vulnerability allows remote attackers to execute arbitrary code on WordPress sites using the Jarvis theme through PHP object injection via deseri...

CVE-2025-31927 is a PHP object injection vulnerability in the Acerola WordPress theme that allows attackers to execute arbitrary code through deserial...