CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1676

1676 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-47553 | WordPress DZS Video Gallery plugin <= 12.25 - PHP Object Injection vulnerability — DZS Video Gallery | 8.8 | High | 2026-01-06 |
| CVE-2025-31047 | WordPress Themify Edmin theme <= 2.0.0 - PHP Object Injection Vulnerability — Themify Edmin | 8.8 | High | 2026-01-05 |
| CVE-2025-15453 | milvus HTTP Endpoint expr.go expr.Exec deserialization — milvus | 6.3 | Medium | 2026-01-05 |
| CVE-2025-15438 | PluXml Media Management medias.php __destruct deserialization — PluXml | 4.7 | Medium | 2026-01-02 |
| CVE-2025-11157 | Arbitrary Code Execution in feast-dev/feast — feast-dev/feast | 7.2 | - | 2026-01-01 |
| CVE-2025-15276 | FontForge SFD File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability — FontForge | 7.8 | - | 2025-12-31 |
| CVE-2025-15375 | EyouCMS arcpagelist Ajax.php unserialize deserialization — EyouCMS | 6.3 | Medium | 2025-12-31 |
| CVE-2025-15246 | aizuda snail-job API FurySerializer.deserialize deserialization — snail-job | 6.3 | Medium | 2025-12-30 |
| CVE-2025-15222 | Dromara Sa-Token SaSerializerTemplateForJdkUseBase64.java ObjectInputStream.readObject deserialization — Sa-Token | 5.0 | Medium | 2025-12-30 |
| CVE-2025-15117 | Dromara Sa-Token SaJdkSerializer.java ObjectInputStream.readObject deserialization — Sa-Token | 3.1 | Low | 2025-12-28 |
| CVE-2025-67729 | lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load() — lmdeploy | 8.8 | High | 2025-12-26 |
| CVE-2025-68038 | WordPress Icegram Express Pro plugin < 5.9.14 - PHP Object Injection vulnerability — Icegram Express Pro | 7.2 | High | 2025-12-24 |
| CVE-2025-68665 | LangChain serialization injection vulnerability enables secret extraction — langchainjs | 8.6 | High | 2025-12-23 |
| CVE-2025-68664 | LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs — langchain | 9.3 | Critical | 2025-12-23 |
| CVE-2025-13715 | Tencent FaceDetection-DSFD resnet Deserialization of Untrusted Data Remote Code Execution Vulnerability — FaceDetection-DSFD | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-13709 | Tencent TFace restore_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability — TFace | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-13711 | Tencent TFace eval Deserialization of Untrusted Data Remote Code Execution Vulnerability — TFace | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-13706 | Tencent PatrickStar merge_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability — PatrickStar | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-13708 | Tencent NeuralNLP-NeuralClassifier _load_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability — NeuralNLP-NeuralClassifier | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-13716 | Tencent MimicMotion create_pipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability — MimicMotion | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-13714 | Tencent MedicalNet generate_model Deserialization of Untrusted Data Remote Code Execution Vulnerability — MedicalNet | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-13710 | Tencent HunyuanVideo load_vae Deserialization of Untrusted Data Remote Code Execution Vulnerability — HunyuanVideo | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-13707 | Tencent HunyuanDiT model_resume Deserialization of Untrusted Data Remote Code Execution Vulnerability — HunyuanDiT | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-13712 | Tencent HunyuanDiT merge Deserialization of Untrusted Data Remote Code Execution Vulnerability — HunyuanDiT | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-13713 | Tencent Hunyuan3D-1 load_pretrained Deserialization of Untrusted Data Remote Code Execution Vulnerability — Hunyuan3D-1 | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14925 | Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution Vulnerability — Accelerate | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14922 | Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability — Diffusers | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14931 | Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability — smolagents | 9.8 (AI) | Critical (AI) | 2025-12-23 |
| CVE-2025-14930 | Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability — Transformers | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14924 | Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability — Transformers | 7.8 (AI) | High (AI) | 2025-12-23 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1676 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.