CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1677

1677 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-31422 | WordPress Visual Art \| Gallery WordPress Theme <= 2.4 - PHP Object Injection Vulnerability | Visual Art \| Gallery WordPress Theme | 8.8 | High | 2025-07-16 |
| CVE-2025-53990 | WordPress JetFormBuilder plugin <= 3.5.1.2 - PHP Object Injection Vulnerability | JetFormBuilder | 7.2 | High | 2025-07-16 |
| CVE-2025-49841 | GHSL-2025-053: GPT-SoVITS Deserialization of Untrusted Data vulnerability | GPT-SoVITS | 9.8 (AI) | Critical (AI) | 2025-07-15 |
| CVE-2025-49840 | GHSL-2025-052: GPT-SoVITS Deserialization of Untrusted Data vulnerability | GPT-SoVITS | 9.8 (AI) | Critical (AI) | 2025-07-15 |
| CVE-2025-49839 | GHSL-2025-051: GPT-SoVITS Deserialization of Untrusted Data vulnerability | GPT-SoVITS | 9.8 (AI) | Critical (AI) | 2025-07-15 |
| CVE-2025-49838 | GHSL-2025-050: GPT-SoVITS Deserialization of Untrusted Data vulnerability | GPT-SoVITS | 9.8 (AI) | Critical (AI) | 2025-07-15 |
| CVE-2025-49837 | GHSL-2025-049: GPT-SoVITS Deserialization of Untrusted Data vulnerability | GPT-SoVITS | 9.8 (AI) | Critical (AI) | 2025-07-15 |
| CVE-2025-7504 | Friends 3.5.1 - Authenticated (Subscriber+) PHP Object Injection | Friends | 7.5 | High | 2025-07-12 |
| CVE-2025-30025 | Security vulnerability in multiple AXIS products | AXIS Device Manager | 7.8 (AI) | High (AI) | 2025-07-11 |
| CVE-2025-30023 | Security vulnerability in multiple AXIS products | AXIS Camera Station Pro | 9.0 | Critical | 2025-07-11 |
| CVE-2025-6742 | SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated PHP Object Injection (PHAR) Triggered via Admin Submission Deletion | SureForms – Drag and Drop Form Builder for WordPress | 7.5 | High | 2025-07-09 |
| CVE-2025-7216 | lty628 Aidigu PHP Object common.php checkUserCookie deserialization | Aidigu | 7.3 | High | 2025-07-09 |
| CVE-2025-49533 | Adobe Experience Manager (MS) \| Deserialization of Untrusted Data (CWE-502) | Adobe Experience Manager (MS) | 9.8 | Critical | 2025-07-08 |
| CVE-2025-27203 | Adobe Connect \| Deserialization of Untrusted Data (CWE-502) | Adobe Connect | 9.6 | Critical | 2025-07-08 |
| CVE-2025-47994 | Microsoft Office Elevation of Privilege Vulnerability | Microsoft 365 Apps for Enterprise | 7.8 | High | 2025-07-08 |
| CVE-2025-42980 | Insecure Deserialization in SAP NetWeaver Enterprise Portal Federated Portal Network | SAP NetWeaver Enterprise Portal Federated Portal Network | 9.1 | Critical | 2025-07-08 |
| CVE-2025-42966 | Insecure Deserialization vulnerability in SAP NetWeaver (XML Data Archiving Service) | SAP NetWeaver (XML Data Archiving Service) | 9.1 | Critical | 2025-07-08 |
| CVE-2025-42964 | Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration | SAP NetWeaver Enterprise Portal Administration | 9.1 | Critical | 2025-07-08 |
| CVE-2025-42963 | Insecure Deserialization in SAP NetWeaver Application Server for Java (Log Viewer) | SAP NetWeaver Application Server for Java (Log Viewer) | 9.1 | Critical | 2025-07-08 |
| CVE-2025-6811 | Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execution Vulnerability | ActiveReports.NET | 9.8 (AI) | Critical (AI) | 2025-07-07 |
| CVE-2025-6810 | Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnerability | ActiveReports.NET | 9.8 (AI) | Critical (AI) | 2025-07-07 |
| CVE-2025-7099 | BoyunCMS Installation install2.php deserialization | BoyunCMS | 5.6 | Medium | 2025-07-06 |
| CVE-2025-52828 | WordPress Red Art theme <= 3.8 - PHP Object Injection Vulnerability | Red Art | 8.8 | High | 2025-07-04 |
| CVE-2025-49417 | WordPress WooCommerce Product Multi-Action plugin <= 1.3 - Deserialization of untrusted data Vulnerability | WooCommerce Product Multi-Action | 9.8 | Critical | 2025-07-04 |
| CVE-2025-34067 | Hikvision Integrated Security Management Platform Remote Command Execution via applyCT Fastjson | Integrated Security Management Platform | 9.8 (AI) | Critical (AI) | 2025-07-02 |
| CVE-2024-13786 | Education Center \| LMS & Online Courses WordPress Theme <= 3.6.10 - PHP Object Injection | Education Center \| LMS & Online Courses WordPress Theme | 9.8 | Critical | 2025-07-02 |
| CVE-2025-6464 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | 7.5 | High | 2025-07-02 |
| CVE-2025-34060 | Monero Forum Remote Code Execution via Arbitrary File Read and Cookie Forgery | Forum | 9.8 (AI) | Critical (AI) | 2025-07-01 |
| CVE-2025-53416 | File Parsing Deserialization of Untrusted Data in DTN Soft | DTN Soft | 7.8 | High | 2025-06-30 |
| CVE-2025-53415 | File Parsing Deserialization of Untrusted Data in DTM Soft | DTM Soft | 7.8 | High | 2025-06-30 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1677 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.