CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1676

1676 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-27172 | Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store — Apache Camel | - | - | 2026-04-27 |
| CVE-2026-33454 | Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant) — Apache Camel | - | - | 2026-04-27 |
| CVE-2026-40858 | Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository — Apache Camel | - | - | 2026-04-27 |
| CVE-2026-41409 | Apache MINA: CWE-502 Deserialization of Untrusted Data — Apache MINA | 9.8 | Critical | 2026-04-27 |
| CVE-2026-41635 | Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE — Apache MINA | 9.8 | Critical | 2026-04-27 |
| CVE-2026-40860 | Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp — Apache Camel | - | - | 2026-04-27 |
| CVE-2026-40048 | Apache Camel PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager — Apache Camel PQC | - | - | 2026-04-27 |
| CVE-2026-40473 | Apache Camel Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP — Apache Camel Mina | - | - | 2026-04-27 |
| CVE-2025-62233 | Apache DolphinScheduler: Deserialization of untrusted data in RPC — Apache DolphinScheduler | 8.8 AI | High AI | 2026-04-24 |
| CVE-2026-33819 | Microsoft Bing Remote Code Execution Vulnerability — Microsoft Bing | 10.0 | Critical | 2026-04-23 |
| CVE-2026-26210 | KTransformers Unsafe Deserialization RCE via balance_serve — ktransformers | 9.8 | Critical | 2026-04-23 |
| CVE-2026-25874 | LeRobot Unsafe Deserialization Remote Code Execution via gRPC — LeRobot | 9.8 AI | Critical AI | 2026-04-23 |
| CVE-2025-62373 | Pipecat vulnerable to Remote Code Execution by Pickle Deserialization via LivekitFrameSerializer — pipecat | 9.8 | Critical | 2026-04-23 |
| CVE-2026-6857 | Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization — Red Hat build of Apache Camel 4 for Quarkus 3 | 7.5 | High | 2026-04-22 |
| CVE-2026-6023 | Deserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAX — Telerik UI for ASP.NET AJAX | 8.1 | High | 2026-04-22 |
| CVE-2026-39467 | WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - PHP Object Injection vulnerability — Responsive Slider by MetaSlider | 7.2 | High | 2026-04-21 |
| CVE-2026-25524 | OpenMage LTS's Phar Deserialization leads to Remote Code Execution — magento-lts | 8.1 | High | 2026-04-20 |
| CVE-2026-25917 | Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5) — Apache Airflow | 9.8 AI | Critical AI | 2026-04-18 |
| CVE-2026-40901 | DataEase: Quartz Deserialization → Remote Code Execution — dataease | 8.8 AI | High AI | 2026-04-16 |
| CVE-2025-15610 | OpenText RightFax security vulnerability — RightFax | 9.8 | - | 2026-04-15 |
| CVE-2026-27303 | Adobe Connect \| Deserialization of Untrusted Data (CWE-502) — Adobe Connect | 9.6 | Critical | 2026-04-14 |
| CVE-2026-34615 | Adobe Connect \| Deserialization of Untrusted Data (CWE-502) — Adobe Connect | 9.3 | Critical | 2026-04-14 |
| CVE-2026-32192 | Azure Monitor Agent Elevation of Privilege Vulnerability — Azure Monitor | 7.8 | High | 2026-04-14 |
| CVE-2026-32184 | Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability — Microsoft HPC Pack 2019 | 7.8 | High | 2026-04-14 |
| CVE-2026-3017 | Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection — Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts | 7.2 | High | 2026-04-14 |
| CVE-2026-40044 | Pachno 1.0.6 FileCache Deserialization Remote Code Execution — Pachno | 9.8 | Critical | 2026-04-13 |
| CVE-2026-1462 | Safe Mode Bypass in keras-team/keras — keras-team/keras | 7.5 | - | 2026-04-13 |
| CVE-2026-33858 | Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API — Apache Airflow | 9.8 | - | 2026-04-13 |
| CVE-2026-35337 | Apache Storm Client: RCE through Unsafe Deserialization via Kerberos TGT Credential Handling — Apache Storm Client | 8.8 | - | 2026-04-13 |
| CVE-2026-25204 | SAMSUNG Escargot security vulnerability — Escargot | 6.2 | Medium | 2026-04-13 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) account for 1676 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.