CWE-502: Deserialization of Untrusted Data

This vulnerability in the VEDA WordPress theme allows authenticated attackers with Subscriber-level access or higher to inject PHP objects through ins...

The Donations Widget WordPress plugin contains a PHP object injection vulnerability that allows unauthenticated attackers to execute arbitrary code on...

CVE-2025-0767 is a PHP object injection vulnerability in WP Activity Log plugin that allows remote code execution. Attackers can exploit unvalidated u...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Flexmls® IDX WordPress plugin. Succe...

The ravpage WordPress plugin is vulnerable to PHP object injection via deserialization of untrusted input in the 'paramsv2' parameter. This allows una...

The s2Member Pro WordPress plugin is vulnerable to PHP object injection via deserialization of untrusted input in the 's2member_pro_remote_op' paramet...

This vulnerability allows attackers to achieve remote code execution on Apache EventMesh servers by sending malicious messages that trigger unsafe des...

The iControlWP WordPress plugin is vulnerable to PHP object injection via deserialization of untrusted input in the reqpars parameter. This allows una...

This vulnerability allows authenticated attackers to execute arbitrary code within CVAT's Nuclio function containers by exploiting unsafe serializatio...

This CVE describes a PHP object injection vulnerability in the Pdfcrowd Save as PDF WordPress plugin. Attackers can exploit insecure deserialization t...

This vulnerability allows attackers to execute arbitrary code on WordPress sites running the vulnerable FundPress plugin by exploiting PHP object inje...

A critical pre-authentication deserialization vulnerability in SonicWall SMA1000 management consoles allows remote unauthenticated attackers to execut...

This vulnerability allows attackers to execute arbitrary code through PHP object injection by exploiting unsafe deserialization in the Muzaara Google ...

This vulnerability allows unauthenticated attackers to perform PHP object injection through deserialization of untrusted data in the ARPrice WordPress...

CVE-2025-22777 is a critical PHP object injection vulnerability in the GiveWP WordPress plugin that allows attackers to execute arbitrary code by expl...

This vulnerability in the GiveWP WordPress plugin allows unauthenticated attackers to perform PHP object injection via donation form fields, leading t...

Apache OpenMeetings versions 2.1.0 through 7.x have insecure default clustering configurations that allow deserialization of untrusted data via OpenJP...

CVE-2024-55556 is a critical remote command execution vulnerability in Crater Invoice that allows unauthenticated attackers to execute arbitrary code ...

This vulnerability in Apache MINA allows attackers to send malicious serialized data that can lead to remote code execution through insecure Java dese...

This CVE describes a PHP object injection vulnerability in the Gueststream VRPConnector WordPress plugin that allows attackers to execute arbitrary co...

This CVE describes a deserialization vulnerability in PlexTrac's Runbooks modules that allows attackers to inject malicious objects and write arbitrar...

This vulnerability allows attackers to execute arbitrary code through PHP object injection by exploiting unsafe deserialization in ForumWP WordPress p...

CVE-2024-54273 is a PHP object injection vulnerability in the WordPress Mail Picker plugin caused by unsafe deserialization of untrusted data. Attacke...

This CVE describes a PHP deserialization vulnerability in ClipBucket V5 video hosting software that allows attackers to execute arbitrary code by send...

CVE-2024-51363 is an insecure deserialization vulnerability in Hodoku versions 2.3.0 to 2.3.2 that allows attackers to execute arbitrary code on affec...

JFinal CMS 5.1.0 contains a deserialization vulnerability in ApiForm.java that allows unauthenticated attackers to execute arbitrary commands on the s...

This vulnerability allows arbitrary code execution through deserialization of untrusted data in Apache Arrow R package's IPC and Parquet readers. It a...

CVE-2024-11145 is a critical deserialization vulnerability in Valor Apps Easy Folder Listing Pro for Joomla! that allows unauthenticated remote attack...

This vulnerability allows remote attackers to execute arbitrary code on Veritas Enterprise Vault servers by sending malicious data to a .NET Remoting ...

This vulnerability allows remote attackers to execute arbitrary code on Veritas Enterprise Vault servers by sending malicious data to a .NET Remoting ...

This vulnerability allows remote attackers to execute arbitrary code on Veritas Enterprise Vault servers by sending malicious data to a .NET Remoting ...

The FluentSMTP WordPress plugin is vulnerable to PHP object injection via deserialization of untrusted input, allowing unauthenticated attackers to in...

This CVE describes a PHP object injection vulnerability in the Geolocator WordPress plugin caused by unsafe deserialization of untrusted data. Attacke...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the WordPress Team Rosters plugin. All Wo...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the My Geo Posts Free WordPress plugin. S...

This vulnerability allows attackers to inject malicious PHP objects through deserialization of untrusted data in the Xin WordPress theme. Successful e...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the WDES Responsive Mobile Menu WordPress...

CVE-2024-52410 is a PHP object injection vulnerability in the Phoenixheart Referrer Detector WordPress plugin. Attackers can exploit insecure deserial...

CVE-2021-3838 is a PHAR deserialization vulnerability in DomPDF that allows attackers to achieve remote code execution by uploading malicious files. T...

Delta Electronics InfraSuite Device Master versions before 1.0.12 have a deserialization vulnerability in the Device-Gateway component that allows una...

This CVE describes a PHP object injection vulnerability in the DS.DownloadList WordPress plugin caused by unsafe deserialization of untrusted data. At...

This vulnerability allows remote code execution through deserialization in PyTorch's RemoteModule feature. It affects users running PyTorch distribute...

This CVE describes a PHP object injection vulnerability in the Smartdevth Advanced Advertising System WordPress plugin. Attackers can exploit insecure...

CVE-2024-49332 is a PHP object injection vulnerability in the Giveaway Boost WordPress plugin that allows attackers to execute arbitrary code through ...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the My Reading Library WordPress plugin. ...

CVE-2024-49218 is a PHP object injection vulnerability in the Recently WordPress plugin that allows attackers to execute arbitrary code through deseri...

This CVE describes a PHP object injection vulnerability in the Telecash Ricaricaweb WordPress plugin. Attackers can exploit deserialization of untrust...

This vulnerability allows unauthenticated attackers to perform PHP object injection via the give_company_name parameter in the GiveWP WordPress plugin...

This CVE describes a PHP object injection vulnerability in the Talkback WordPress plugin caused by unsafe deserialization of untrusted data. Attackers...

This vulnerability in DataEase allows attackers to execute arbitrary system commands by exploiting PostgreSQL JDBC deserialization through unfiltered ...