Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-502 Clear
ID Title
CVE-2022-29528 An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
CVE-2021-27852 KEV [KEV] Unsafe Deserialization in checkbox (CVE-2021-27852)
vulnerability in checkbox (CVE-2021-27852). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-42237 KEV [KEV] Unsafe Deserialization in Sitecore xp (CVE-2021-42237)
vulnerability in Sitecore xp (CVE-2021-42237). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2019-6340 KEV [KEV] Unsafe Deserialization in Drupal core (CVE-2019-6340)
vulnerability in Drupal core (CVE-2019-6340). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-10068 KEV [KEV] Unsafe Deserialization in Kentico xperience (CVE-2019-10068)
vulnerability in Kentico xperience (CVE-2019-10068). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2018-1000861 KEV [KEV] Unsafe Deserialization in jenkins (CVE-2018-1000861)
vulnerability in jenkins (CVE-2018-1000861). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-42631 Unsafe Deserialization in printerlogic (CVE-2021-42631)
vulnerability in printerlogic (CVE-2021-42631). Successful exploitation can lead to full system takeover.
CVE-2022-23302 Unsafe Deserialization in apache (CVE-2022-23302)
vulnerability in apache (CVE-2022-23302). Successful exploitation can lead to full system takeover.
CVE-2022-23307 Unsafe Deserialization in apache (CVE-2022-23307)
vulnerability in apache (CVE-2022-23307). Successful exploitation can lead to full system takeover.
CVE-2021-4104 Unsafe Deserialization in apache (CVE-2021-4104)
vulnerability in apache (CVE-2021-4104). Successful exploitation can lead to full system takeover.
CVE-2017-12149 KEV [KEV] Unsafe Deserialization in Red hat red-hat (CVE-2017-12149)
vulnerability in Red hat red-hat (CVE-2017-12149). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-44228 KEV [KEV] Vulnerability in Apache log4j2 (CVE-2021-44228)
vulnerability in Apache log4j2 (CVE-2021-44228). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-42321 KEV [KEV] Vulnerability in Microsoft exchange (CVE-2021-42321)
vulnerability in Microsoft exchange (CVE-2021-42321). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2018-4939 KEV [KEV] Unsafe Deserialization in Adobe coldfusion (CVE-2018-4939)
vulnerability in Adobe coldfusion (CVE-2018-4939). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-9805 KEV [KEV] Unsafe Deserialization in Apache struts (CVE-2017-9805)
vulnerability in Apache struts (CVE-2017-9805). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-35464 KEV [KEV] Unsafe Deserialization in Forgerock access-management-am (CVE-2021-35464)
vulnerability in Forgerock access-management-am (CVE-2021-35464). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-7961 KEV [KEV] Unsafe Deserialization in liferay (CVE-2020-7961)
vulnerability in liferay (CVE-2020-7961). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-17144 KEV [KEV] Unsafe Deserialization in Microsoft exchange-server (CVE-2020-17144)
vulnerability in Microsoft exchange-server (CVE-2020-17144). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-26857 KEV [KEV] Unsafe Deserialization in Microsoft exchange-server (CVE-2021-26857)
vulnerability in Microsoft exchange-server (CVE-2021-26857). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-2555 KEV [KEV] Unsafe Deserialization in Oracle multiple-products (CVE-2020-2555)
vulnerability in Oracle multiple-products (CVE-2020-2555). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2015-4852 KEV [KEV] Unsafe Deserialization in Oracle weblogic-server (CVE-2015-4852)
vulnerability in Oracle weblogic-server (CVE-2015-4852). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-18935 KEV [KEV] Unsafe Deserialization in Progress telerik-ui-for-aspnet-ajax (CVE-2019-18935)
vulnerability in Progress telerik-ui-for-aspnet-ajax (CVE-2019-18935). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-10189 KEV [KEV] Unsafe Deserialization in Zoho manageengine (CVE-2020-10189)
vulnerability in Zoho manageengine (CVE-2020-10189). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-24914 Unsafe Deserialization in qcubed (CVE-2020-24914)
vulnerability in qcubed (CVE-2020-24914). Successful exploitation can lead to full system takeover.
CVE-2020-24036 Unsafe Deserialization in fork-cms (CVE-2020-24036)
vulnerability in fork-cms (CVE-2020-24036). Successful exploitation can lead to full system takeover.
CVE-2019-17571 Unsafe Deserialization in log4j:log4j (CVE-2019-17571)
vulnerability in log4j:log4j (CVE-2019-17571). Successful exploitation can lead to full system takeover.
CVE-2014-9515 Unsafe Deserialization in dozer-project (CVE-2014-9515)
vulnerability in dozer-project (CVE-2014-9515). Successful exploitation can lead to full system takeover.
CVE-2017-5641 Unsafe Deserialization in apache (CVE-2017-5641)
vulnerability in apache (CVE-2017-5641). Successful exploitation can lead to full system takeover.
CVE-2017-17672 Unsafe Deserialization in deserialization (CVE-2017-17672)
vulnerability in deserialization (CVE-2017-17672). Successful exploitation can lead to full system takeover.
CVE-2017-11283 Unsafe Deserialization in deserialization (CVE-2017-11283)
vulnerability in deserialization (CVE-2017-11283). Successful exploitation can lead to full system takeover.
CVE-2017-11284 Unsafe Deserialization in deserialization (CVE-2017-11284)
vulnerability in deserialization (CVE-2017-11284). Successful exploitation can lead to full system takeover.
CVE-2017-1000207 Unsafe Deserialization in swagger (CVE-2017-1000207)
vulnerability in swagger (CVE-2017-1000207). Successful exploitation can lead to full system takeover.
CVE-2017-4995 Unsafe Deserialization in deserialization (CVE-2017-4995)
vulnerability in deserialization (CVE-2017-4995). Successful exploitation can lead to full system takeover.
CVE-2017-8045 Unsafe Deserialization in pivotal-software (CVE-2017-8045)
vulnerability in pivotal-software (CVE-2017-8045). Successful exploitation can lead to full system takeover.
CVE-2017-1000248 Redis-store
Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis
CVE-2017-1000208 Unsafe Deserialization in swagger (CVE-2017-1000208)
vulnerability in swagger (CVE-2017-1000208). Successful exploitation can lead to full system takeover.
CVE-2017-1000195 Unsafe Deserialization in octobercms (CVE-2017-1000195)
vulnerability in octobercms (CVE-2017-1000195). Data can be tampered with by attackers.
CVE-2017-12633 Unsafe Deserialization in apache (CVE-2017-12633)
vulnerability in apache (CVE-2017-12633). Successful exploitation can lead to full system takeover.
CVE-2017-12634 Unsafe Deserialization in apache (CVE-2017-12634)
vulnerability in apache (CVE-2017-12634). Successful exploitation can lead to full system takeover.
CVE-2015-7501 Unsafe Deserialization in apache (CVE-2015-7501)
vulnerability in apache (CVE-2015-7501). Successful exploitation can lead to full system takeover.
CVE-2017-1000148 Unsafe Deserialization in mahara (CVE-2017-1000148)
vulnerability in mahara (CVE-2017-1000148). Successful exploitation can lead to full system takeover.
CVE-2016-5003 Unsafe Deserialization in apache (CVE-2016-5003)
vulnerability in apache (CVE-2016-5003). Successful exploitation can lead to full system takeover.
CVE-2017-12796 Unsafe Deserialization in openmrs (CVE-2017-12796)
vulnerability in openmrs (CVE-2017-12796). Successful exploitation can lead to full system takeover.
CVE-2017-12628 Unsafe Deserialization in apache (CVE-2017-12628)
vulnerability in apache (CVE-2017-12628). Successful exploitation can lead to full system takeover.
CVE-2015-5164 Unsafe Deserialization in pulpproject (CVE-2015-5164)
vulnerability in pulpproject (CVE-2015-5164). Successful exploitation can lead to full system takeover.
CVE-2016-8736 Unsafe Deserialization in apache (CVE-2016-8736)
vulnerability in apache (CVE-2016-8736). Successful exploitation can lead to full system takeover.
CVE-2017-0903 Unsafe Deserialization in deserialization (CVE-2017-0903)
vulnerability in deserialization (CVE-2017-0903). Successful exploitation can lead to full system takeover.
CVE-2017-0806 Unsafe Deserialization in google (CVE-2017-0806)
vulnerability in google (CVE-2017-0806). Successful exploitation can lead to full system takeover.
CVE-2017-14702 Unsafe Deserialization in deserialization (CVE-2017-14702)
vulnerability in deserialization (CVE-2017-14702). Successful exploitation can lead to full system takeover.
CVE-2017-10932 Unsafe Deserialization in c (CVE-2017-10932)
vulnerability in c (CVE-2017-10932). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →