
CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1676

1676 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-10164 | lmsys sglang update_weights_from_tensor main deserialization — sglang | 7.3 | High | 2025-09-09 |
| CVE-2025-55232 | Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability — Microsoft HPC Pack 2019 | 9.8 | Critical | 2025-09-09 |
| CVE-2025-54897 | Microsoft SharePoint Remote Code Execution Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 8.8 | High | 2025-09-09 |
| CVE-2025-53303 | WordPress ThemeMove Core Plugin <= 1.4.2 - PHP Object Injection Vulnerability — ThemeMove Core | 8.8 | High | 2025-09-09 |
| CVE-2025-48101 | WordPress Constant Contact for WordPress Plugin <= 4.1.1 - PHP Object Injection Vulnerability — Constant Contact for WordPress | 8.8 | High | 2025-09-09 |
| CVE-2025-47579 | WordPress Photography Theme <= 7.7.2 - PHP Object Injection Vulnerability — Photography | 9.0 | Critical | 2025-09-09 |
| CVE-2025-41701 | Beckhoff: Deserialization of untrusted data by TwinCAT 3 Engineering — TE1000 \| TwinCAT 3 Engineering | 7.8 | High | 2025-09-09 |
| CVE-2025-42944 | Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4) — SAP Netweaver (RMI-P4) | 10.0 | Critical | 2025-09-09 |
| CVE-2025-58757 | MONAI's unsafe use of Pickle deserialization may lead to RCE — MONAI | 8.8 | High | 2025-09-08 |
| CVE-2025-58756 | MONAI's unsafe torch usage may lead to arbitrary code execution — MONAI | 8.8 | High | 2025-09-08 |
| CVE-2025-58782 | Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory — Apache Jackrabbit Core | 9.8 AI | Critical AI | 2025-09-08 |
| CVE-2025-58839 | WordPress eDS Responsive Menu Plugin <= 1.2 - PHP Object Injection Vulnerability — eDS Responsive Menu | 7.2 | High | 2025-09-05 |
| CVE-2025-58815 | WordPress Aitasi Coming Soon Plugin <= 2.0.2 - Deserialization of untrusted data Vulnerability — Aitasi Coming Soon | 7.2 | High | 2025-09-05 |
| CVE-2025-53690 | Sitecore Products ViewState Deserialization Vulnerability — Experience Manager (XM) | 9.0 | Critical | 2025-09-03 |
| CVE-2025-9365 | Fuji Electric FRENIC-Loader 4 Deserialization of Untrusted Data — FRENIC-Loader 4 | 7.8 | High | 2025-09-03 |
| CVE-2025-58643 | WordPress LTL Freight Quotes – Daylight Edition Plugin <= 2.2.7 - PHP Object Injection Vulnerability — LTL Freight Quotes – Daylight Edition | 7.2 | High | 2025-09-03 |
| CVE-2025-58644 | WordPress LTL Freight Quotes - TQL Edition Plugin <= 1.2.6 - PHP Object Injection Vulnerability — LTL Freight Quotes - TQL Edition | 7.2 | High | 2025-09-03 |
| CVE-2025-58642 | WordPress LTL Freight Quotes – Day & Ross Edition Plugin <= 2.1.11 - PHP Object Injection Vulnerability — LTL Freight Quotes – Day & Ross Edition | 7.2 | High | 2025-09-03 |
| CVE-2025-53691 | Sitecore Experience Remote Code Execution through Insecure Deserialization — Experience Manager (XM) | 8.8 | High | 2025-09-03 |
| CVE-2025-58163 | FreeScout's deserialization of untrusted data can lead to Remote Code Execution — freescout | 7.5 AI | High AI | 2025-09-03 |
| CVE-2025-9260 | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 5.1.16 - 6.1.1 - Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | 6.5 | Medium | 2025-09-02 |
| CVE-2025-7976 | Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability — ShockLine | 7.8 | - | 2025-09-02 |
| CVE-2025-9188 | Deserialization of Untrusted Data when parsing a DSB file with Digilent DASYLab — DASYLab | 7.8 | High | 2025-09-02 |
| CVE-2025-5662 | Deserialization Vulnerability in h2oai/h2o-3 — h2oai/h2o-3 | 9.8 | - | 2025-09-02 |
| CVE-2024-28988 | SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability — Web Help Desk | 9.8 | Critical | 2025-09-01 |
| CVE-2025-6507 | Deserialization of Untrusted Data in h2oai/h2o-3 — h2oai/h2o-3 | 9.8 | - | 2025-09-01 |
| CVE-2025-54742 | WordPress WpEvently Plugin <= 4.4.8 - PHP Object Injection Vulnerability — WpEvently | 8.8 | High | 2025-08-28 |
| CVE-2025-53584 | WordPress WP Ticket Customer Service Software & Support Ticket System Plugin <= 6.0.2 - PHP Object Injection Vulnerability — WP Ticket Customer Service Software & Support Ticket System | 8.1 | High | 2025-08-28 |
| CVE-2025-53583 | WordPress Employee Spotlight Plugin <= 5.1.1 - PHP Object Injection Vulnerability — Employee Spotlight | 8.1 | High | 2025-08-28 |
| CVE-2025-53572 | WordPress WP Easy Contact Plugin <= 4.0.1 - PHP Object Injection Vulnerability — WP Easy Contact | 8.1 | High | 2025-08-28 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1676 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.