Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-502 Clear
ID Title
CVE-2025-71371 Unsafe Deserialization in CVE-2025-71371 (CVE-2025-71371)
vulnerability in CVE-2025-71371 (CVE-2025-71371). Confidential information can be exposed externally.
CVE-2025-71368 Unsafe Deserialization in CVE-2025-71368 (CVE-2025-71368)
vulnerability in CVE-2025-71368 (CVE-2025-71368). Confidential information can be exposed externally.
CVE-2025-71350 Unsafe Deserialization in c (CVE-2025-71350)
vulnerability in c (CVE-2025-71350). Confidential information can be exposed externally.
CVE-2025-71363 Unsafe Deserialization in deserialization (CVE-2025-71363)
vulnerability in deserialization (CVE-2025-71363). Confidential information can be exposed externally.
CVE-2025-71349 Unsafe Deserialization in CVE-2025-71349 (CVE-2025-71349)
vulnerability in CVE-2025-71349 (CVE-2025-71349). Confidential information can be exposed externally.
CVE-2026-55223 Unsafe Deserialization in apache (CVE-2026-55223)
vulnerability in apache (CVE-2026-55223). Risk of unauthorized operations or information disclosure.
CVE-2026-13759 Unsafe Deserialization in ibm (CVE-2026-13759)
vulnerability in ibm (CVE-2026-13759). Successful exploitation can lead to full system takeover.
CVE-2026-7871 Unsafe Deserialization in langflow (CVE-2026-7871)
vulnerability in langflow (CVE-2026-7871). Successful exploitation can lead to full system takeover.
CVE-2026-12240 Unsafe Deserialization in wordpress (CVE-2026-12240)
vulnerability in wordpress (CVE-2026-12240). Successful exploitation can lead to full system takeover.
CVE-2026-46386 Unsafe Deserialization in rails (CVE-2026-46386)
vulnerability in rails (CVE-2026-46386). Successful exploitation can lead to full system takeover.
CVE-2026-57527 Unsafe Deserialization in deserialization (CVE-2026-57527)
vulnerability in deserialization (CVE-2026-57527). Successful exploitation can lead to full system takeover.
CVE-2026-56057 Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.
Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.
CVE-2026-56031 Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions.
Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions.
CVE-2026-56032 Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions.
Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions.
CVE-2026-56055 Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
CVE-2026-53914 Unsafe Deserialization in deserialization (CVE-2026-53914)
vulnerability in deserialization (CVE-2026-53914). Confidential information can be exposed externally.
CVE-2026-12578 Unsafe Deserialization in cisa (CVE-2026-12578)
vulnerability in cisa (CVE-2026-12578). Risk of unauthorized operations or information disclosure.
CVE-2025-71340 Unsafe Deserialization in CVE-2025-71340 (CVE-2025-71340)
vulnerability in CVE-2025-71340 (CVE-2025-71340). Confidential information can be exposed externally.
CVE-2026-56053 Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.
Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.
CVE-2026-10043 Unsafe Deserialization in deserialization (CVE-2026-10043)
vulnerability in deserialization (CVE-2026-10043). Successful exploitation can lead to full system takeover.
CVE-2026-56121 Unsafe Deserialization in deserialization (CVE-2026-56121)
vulnerability in deserialization (CVE-2026-56121). Successful exploitation can lead to full system takeover.
CVE-2026-54512 Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54512)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54512). Successful exploitation can lead to full system takeover. Exploitable via ``PolymorphicTypeValidator``. Mitigation: upgrade to `2.21.4` or later.
CVE-2026-41862 Unsafe Deserialization in CVE-2026-41862 (CVE-2026-41862)
vulnerability in CVE-2026-41862 (CVE-2026-41862). Successful exploitation can lead to full system takeover.
CVE-2026-39253 Unsafe Deserialization in CVE-2026-39253 (CVE-2026-39253)
vulnerability in CVE-2026-39253 (CVE-2026-39253). Successful exploitation can lead to full system takeover.
CVE-2025-71341 Unsafe Deserialization in CVE-2025-71341 (CVE-2025-71341)
vulnerability in CVE-2025-71341 (CVE-2025-71341). Confidential information can be exposed externally.
CVE-2025-71365 Unsafe Deserialization in CVE-2025-71365 (CVE-2025-71365)
vulnerability in CVE-2025-71365 (CVE-2025-71365). Confidential information can be exposed externally.
CVE-2025-71370 Unsafe Deserialization in CVE-2025-71370 (CVE-2025-71370)
vulnerability in CVE-2025-71370 (CVE-2025-71370). Confidential information can be exposed externally.
CVE-2025-71376 Unsafe Deserialization in CVE-2025-71376 (CVE-2025-71376)
vulnerability in CVE-2025-71376 (CVE-2025-71376). Confidential information can be exposed externally.
CVE-2026-48517 Vulnerability in MessagePack (CVE-2026-48517)
vulnerability in MessagePack (CVE-2026-48517). Data can be tampered with by attackers. Exploitable via ``MessagePackSerializer.Typeless``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48502 Out-of-Bounds Read in MessagePack (CVE-2026-48502)
vulnerability in MessagePack (CVE-2026-48502). Risk of unauthorized operations or information disclosure. Exploitable via ``tokenSize``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-46607 Unsafe Deserialization in glances (CVE-2026-46607)
vulnerability in glances (CVE-2026-46607). Successful exploitation can lead to full system takeover. Exploitable via ``self.cache_file``. Mitigation: upgrade to `4.5.5` or later.
CVE-2025-71378 Unsafe Deserialization in mmaitre314 (CVE-2025-71378)
vulnerability in mmaitre314 (CVE-2025-71378). Confidential information can be exposed externally.
CVE-2025-71357 Unsafe Deserialization in mmaitre314 (CVE-2025-71357)
vulnerability in mmaitre314 (CVE-2025-71357). Confidential information can be exposed externally.
CVE-2025-71348 Unsafe Deserialization in mmaitre314 (CVE-2025-71348)
vulnerability in mmaitre314 (CVE-2025-71348). Confidential information can be exposed externally.
CVE-2026-12787 Vulnerability in deserialization (CVE-2026-12787)
vulnerability in deserialization (CVE-2026-12787). Risk of unauthorized operations or information disclosure.
CVE-2026-56304 Unsafe Deserialization in dos (CVE-2026-56304)
vulnerability in dos (CVE-2026-56304). Risk of unauthorized operations or information disclosure.
CVE-2026-48909 Unsafe Deserialization in CVE-2026-48909 (CVE-2026-48909)
vulnerability in CVE-2026-48909 (CVE-2026-48909). Risk of unauthorized operations or information disclosure.
CVE-2026-49286 Unsafe Deserialization in pontedilana/php-weasyprint (CVE-2026-49286)
vulnerability in pontedilana/php-weasyprint (CVE-2026-49286). Successful exploitation can lead to full system takeover. Exploitable via ``eb8accc``. Mitigation: upgrade to `2.6.0` or later.
CVE-2026-12046 Vulnerability in flask (CVE-2026-12046)
vulnerability in flask (CVE-2026-12046). Successful exploitation can lead to full system takeover. Exploitable via `DELETE /sqleditor/close/`.
CVE-2026-8024 Unsafe Deserialization in deserialization (CVE-2026-8024)
vulnerability in deserialization (CVE-2026-8024). Successful exploitation can lead to full system takeover.
CVE-2026-12569 KEV [KEV] Vulnerability in Ptc deserialization (CVE-2026-12569)
vulnerability in Ptc deserialization (CVE-2026-12569). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-53805 Unsafe Deserialization in CVE-2026-53805 (CVE-2026-53805)
vulnerability in CVE-2026-53805 (CVE-2026-53805). Successful exploitation can lead to full system takeover.
CVE-2026-53874 Unsafe Deserialization in picklescan (CVE-2026-53874)
vulnerability in picklescan (CVE-2026-53874). Successful exploitation can lead to full system takeover. Exploitable via ``eval``. Mitigation: upgrade to `1.0.1` or later.
CVE-2025-71321 Unsafe Deserialization in picklescan (CVE-2025-71321)
vulnerability in picklescan (CVE-2025-71321). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.33` or later.
CVE-2026-49108 Unauthenticated PHP Object Injection in Moderno < 1.43 versions.
Unauthenticated PHP Object Injection in Moderno < 1.43 versions.
CVE-2026-40757 Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.
Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.
CVE-2026-39442 Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.
Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.
CVE-2026-40738 Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.
Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.
CVE-2025-69130 Unsafe Deserialization in wordpress (CVE-2025-69130)
vulnerability in wordpress (CVE-2025-69130). Successful exploitation can lead to full system takeover.
CVE-2026-40752 Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.
Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →