CWE-502: Deserialization of Untrusted Data

This vulnerability allows unauthenticated remote code execution on Siemens Healthineers medical imaging systems through insecure deserialization of un...

CVE-2022-24108 is a critical insecure deserialization vulnerability in the Skyoftech So Listing Tabs module for OpenCart. It allows remote attackers t...

CVE-2022-29363 is a critical deserialization vulnerability in Phpok v6.1 that allows unauthenticated attackers to execute arbitrary code by writing ma...

This vulnerability allows remote attackers to execute arbitrary code on Orlansoft ERP systems by sending malicious serialized Java objects to the Java...

CVE-2022-25767 is a critical remote code execution vulnerability in the uReport2 console component. It allows attackers to execute arbitrary code by t...

CVE-2022-29528 is a PHAR deserialization vulnerability in MISP (Malware Information Sharing Platform) that allows attackers to execute arbitrary code ...

This vulnerability allows remote, unauthenticated attackers to execute arbitrary code on Atlassian Bitbucket Data Center instances via Java deserializ...

CVE-2022-21445 is a critical deserialization vulnerability in Oracle ADF Faces that allows unauthenticated remote attackers to execute arbitrary code....

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with SYSTEM privileges on affected SIMATIC Energy Manager systems...

CVE-2020-19229 is a critical vulnerability in Jeesite 1.2.7 that uses a vulnerable version of Apache Shiro (1.2.3). This allows attackers to exploit a...

CVE-2021-33207 is a critical deserialization vulnerability in MashZone NextGen's HTTP client that allows remote code execution when processing HTTP re...

A deserialization vulnerability in Apache Dubbo's Hessian-lite serialization protocol allows remote attackers to execute arbitrary code by sending spe...

CVE-2021-42392 is a critical remote code execution vulnerability in H2 Database where attackers can exploit JNDI injection through the database driver...

CVE-2021-44029 is a remote code execution vulnerability in Quest KACE Desktop Authority versions before 11.2, caused by insecure deserialization in th...

CVE-2021-36336 is a critical deserialization vulnerability in Wyse Management Suite that allows unauthenticated attackers to execute arbitrary code on...

This vulnerability allows remote attackers to execute arbitrary code on Ivanti Avalanche systems by sending maliciously crafted data to the Data Repos...

This vulnerability allows remote code execution on Veritas Enterprise Vault servers through insecure .NET Remoting services. Attackers can exploit des...

This vulnerability allows remote code execution on Veritas Enterprise Vault servers through insecure .NET Remoting TCP ports. Attackers can exploit de...

This vulnerability in Veritas Enterprise Vault allows remote code execution through insecure .NET Remoting services that deserialize untrusted data. A...

ThinkPHP v6.0.8 contains a deserialization vulnerability in the Flysystem cached adapter component that allows remote code execution. Attackers can ex...

CVE-2021-42237 is a critical remote code execution vulnerability in Sitecore Experience Platform (XP) that allows unauthenticated attackers to execute...

CVE-2021-40719 is a critical deserialization vulnerability in Adobe Connect that allows attackers to execute arbitrary code on affected servers by sen...

CVE-2021-40720 is a critical deserialization vulnerability in Adobe Ops CLI that allows arbitrary code execution when processing malicious files. Atta...

CVE-2021-42090 is a remote code execution vulnerability in Zammad's Form functionality due to unsafe deserialization. Attackers can execute arbitrary ...

CVE-2021-41616 is a critical deserialization vulnerability in Apache DB DdlUtils 1.0 that allows remote code execution by exploiting insecure ObjectIn...

CVE-2021-31819 is a deserialization vulnerability in Halibut versions before 4.4.7 that allows remote code execution on systems that already trust eac...

CVE-2021-39392 is a critical remote code execution vulnerability in MyLittleBackup management tool due to a hardcoded machineKey in web.config. This a...

Apache Dubbo's Hessian protocol implementation has a critical deserialization vulnerability that allows unauthenticated remote code execution. Attacke...

CVE-2021-21741 is a critical remote code execution vulnerability in ZTE conference management systems where attackers can execute arbitrary commands b...

CVE-2021-37544 is an insecure deserialization vulnerability in JetBrains TeamCity that allows remote attackers to execute arbitrary code on affected s...

This vulnerability allows remote code execution on Neo4j databases with the shell server enabled. Attackers can exploit Java deserialization in the ex...

CVE-2021-29781 is a critical remote code execution vulnerability in IBM Partner Engagement Manager 2.0 caused by unsafe deserialization. Attackers can...

CVE-2021-37578 is a Java deserialization vulnerability in Apache jUDDI's RMI implementation that allows remote code execution. Attackers can send mali...

This vulnerability allows remote unauthenticated attackers to execute arbitrary code on Dell EMC Avamar Server and Integrated Data Protection Applianc...

CVE-2021-35464 is an unauthenticated remote code execution vulnerability in ForgeRock AM servers due to insecure Java deserialization in the jato.page...

This vulnerability in Veeam Backup and Replication allows remote attackers to execute arbitrary code via insecure .NET remoting deserialization. It af...

CVE-2020-9493 is a critical deserialization vulnerability in Apache Chainsaw that allows remote attackers to execute arbitrary code by sending special...

CVE-2021-33806 is a remote code execution vulnerability in the BDew BdLib library for Minecraft, caused by insecure deserialization of untrusted data....

CVE-2021-25641 is a critical deserialization vulnerability in Apache Dubbo that allows remote unauthenticated attackers to force servers to use insecu...

CVE-2021-30179 is a critical remote code execution vulnerability in Apache Dubbo that allows attackers to execute arbitrary Java code by exploiting in...

CVE-2021-33790 is a critical deserialization vulnerability in the RebornCore library for Minecraft mods that allows remote code execution. Attackers c...

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on systems running vulnerable versions of Checkbox Survey. It aff...

CVE-2021-32075 is an insecure deserialization vulnerability in Re-Logic Terraria game client that allows remote code execution. Attackers can exploit ...

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with SYSTEM privileges on SolarWinds Network Performance Monitor ...

CVE-2021-32098 is a critical vulnerability in Artica Pandora FMS that allows unauthenticated attackers to perform Phar deserialization, potentially le...

This vulnerability in PHPMailer allows remote attackers to execute arbitrary code through object injection via Phar deserialization when using UNC pat...

CVE-2021-29476 is a deserialization vulnerability in the PHP Requests HTTP library that allows remote code execution. Attackers can exploit this by se...

CVE-2021-29200 is an unsafe deserialization vulnerability in Apache OFBiz that allows unauthenticated remote code execution. Attackers can exploit thi...

Apache OFBiz versions before 17.12.07 contain an unsafe deserialization vulnerability that allows remote attackers to execute arbitrary code on affect...

CVE-2021-3287 is an unauthenticated remote code execution vulnerability in Zoho ManageEngine OpManager caused by insecure Java deserialization. Attack...