CWE-502: Deserialization of Untrusted Data

This vulnerability allows attackers to execute arbitrary code through PHP object injection by exploiting unsafe deserialization in the Eyecix JobSearc...

This vulnerability allows attackers to execute arbitrary code on Apache Seata servers by sending malicious serialized data when authentication is disa...

This critical vulnerability allows remote unauthenticated attackers to execute arbitrary code on Ivanti EPM systems by exploiting insecure deserializa...

A deserialization vulnerability in ThinkPHP versions 6.1.3 through 8.0.4 allows attackers to execute arbitrary code by sending specially crafted reque...

CVE-2024-40711 is a critical deserialization vulnerability in Veeam Backup & Replication that allows unauthenticated attackers to execute arbitrary co...

Delta Electronics DTN Soft version 2.0.1 and earlier contain a deserialization vulnerability that allows remote attackers to execute arbitrary code by...

This vulnerability allows remote attackers to execute arbitrary code through PHP object injection via deserialization of untrusted data in the eyecix ...

This vulnerability allows unauthenticated attackers to perform PHP object injection via deserialization of untrusted input in the Ultimate Store Kit p...

This vulnerability allows unauthenticated attackers to perform PHP object injection via a manipulated cookie in the Ultimate Store Kit plugin suite fo...

CVE-2024-43354 is a PHP object injection vulnerability in the myCred WordPress plugin that allows attackers to execute arbitrary code through deserial...

CVE-2024-28986 is a Java deserialization vulnerability in SolarWinds Web Help Desk that could allow remote code execution on the host system. While So...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Participants Database WordPress plugi...

This vulnerability allows remote attackers to execute arbitrary code on NI VeriStand DataLogging Server by sending specially crafted messages that tri...

This vulnerability in TorrentPier allows remote code execution by deserializing malicious cookies. Attackers can write arbitrary PHP files and execute...

CVE-2024-5488 is a critical vulnerability in the SEOPress WordPress plugin that allows unauthenticated attackers to exploit insecure REST API endpoint...

The WooCommerce Social Login plugin for WordPress is vulnerable to PHP object injection via deserialization of untrusted input in the 'woo_slg_verify'...

CVE-2024-5671 is an insecure deserialization vulnerability in Trellix IPS Manager workflows that allows unauthenticated remote attackers to execute ar...

CVE-2024-26289 is a critical deserialization vulnerability in PMB Services PMB that allows remote attackers to execute arbitrary code by sending malic...

This CVE describes a deserialization vulnerability in Apache InLong that allows attackers to bypass security controls using malicious parameters. Atta...

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with SYSTEM privileges on Voltronic Power ViewPower systems. The ...

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with SYSTEM privileges on Inductive Automation Ignition installat...

The Simple Job Board WordPress plugin is vulnerable to PHP object injection via deserialization of untrusted input, allowing unauthenticated attackers...

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of GPT Academic by sending malicious seria...

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with SYSTEM privileges on Voltronic Power ViewPower Pro installat...

This vulnerability in Alldata v0.4.6 allows remote attackers to execute arbitrary code by sending specially crafted data to the FASTJSON deserializati...

This CVE describes a PHP object injection vulnerability in the WordPress Filter Custom Fields & Taxonomies Light plugin. Attackers can exploit insecur...

CVE-2024-28861 is a remote code execution vulnerability in Symfony 1 framework due to unsafe deserialization in the sfNamespacedParameterHolder class....

CVE-2024-2054 is a critical remote code execution vulnerability in Artica-Proxy's administrative web interface. Unauthenticated attackers can exploit ...

CVE-2024-28211 is a critical vulnerability in nGrinder versions before 3.5.9 that allows remote attackers to execute arbitrary code by connecting to m...

nGrinder versions before 3.5.9 contain a Java deserialization vulnerability that allows unauthenticated remote attackers to execute arbitrary code by ...

This vulnerability in the Tunis Soft 'Product Designer' module for PrestaShop allows remote attackers to execute arbitrary code, escalate privileges, ...

This vulnerability allows remote attackers to execute arbitrary code on WuKongCRM systems by exploiting a deserialization flaw in the fastjson compone...

Apache James email servers prior to versions 3.7.5 and 3.8.0 have a pre-authentication deserialization vulnerability in their JMX endpoint. Attackers ...

This vulnerability allows unauthenticated attackers to perform PHP object injection via deserialization of untrusted data in the ERE Recently Viewed W...

CVE-2024-22320 is an unsafe deserialization vulnerability in IBM Operational Decision Manager 8.10.3 that allows authenticated remote attackers to exe...

CVE-2024-23636 is a critical deserialization vulnerability in SOFARPC that allows remote code execution by bypassing the SOFA Hessian protocol's black...

This vulnerability in Clojure allows remote code execution through deserialization of untrusted objects. Attackers can craft malicious serialized obje...

The Estatik Real Estate WordPress plugin before version 4.1.1 contains a PHP Object Injection vulnerability via cookie deserialization. Unauthenticate...

This vulnerability allows remote attackers to execute arbitrary code on JEECG systems by sending specially crafted POST requests to the jeecgFormDemoC...

CVE-2023-32242 is a PHP object injection vulnerability in the WoodMart WordPress theme that allows attackers to execute arbitrary code through deseria...

This CVE describes a deserialization vulnerability in Apache IoTDB that allows attackers to execute arbitrary code by sending malicious serialized dat...

This CVE describes a deserialization vulnerability in Apache Dubbo that allows remote code execution when processing malicious packages. Attackers can...

CVE-2023-48887 is a critical deserialization vulnerability in Jupiter v1.3.1 that allows remote attackers to execute arbitrary commands by sending spe...

This critical vulnerability in Delta Electronics InfraSuite Device Master allows unauthenticated attackers to execute arbitrary code with local admini...

This vulnerability allows attackers to execute arbitrary code on Adobe ColdFusion servers by sending maliciously crafted data that gets improperly des...

This vulnerability allows attackers to execute arbitrary code on Adobe ColdFusion servers by sending maliciously crafted data that gets improperly des...

This vulnerability allows arbitrary code execution when PyArrow processes untrusted Arrow IPC, Feather, or Parquet files. Applications that read these...

CVE-2023-46817 is a PHP object injection vulnerability in phpFox that allows remote, unauthenticated attackers to execute arbitrary PHP code by exploi...

CVE-2023-47204 is a critical remote code execution vulnerability in transmute-core's YAML deserialization. Attackers can execute arbitrary Python code...

CVE-2023-35084 is a critical remote code execution vulnerability in Ivanti Endpoint Manager (formerly LANDesk Management Suite) caused by unsafe deser...