CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1675

1675 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5507 | Session Cache Restore — Arbitrary Free via Deserialized Pointer — wolfSSL | 8.1 AI | High AI | 2026-04-09 |
| CVE-2026-3199 | Nexus Repository 3 - Authenticated Remote Code Execution via Task Property Injection — Nexus Repository | 7.2 AI | High AI | 2026-04-08 |
| CVE-2026-39890 | PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading — PraisonAI | 9.8 | Critical | 2026-04-08 |
| CVE-2026-32590 | Mirror-registry: remote code execution using pickle deserialization — mirror registry for Red Hat OpenShift | 7.1 | High | 2026-04-08 |
| CVE-2026-3296 | Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | 9.8 | Critical | 2026-04-08 |
| CVE-2026-3357 | IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file — Langflow Desktop | 8.8 | High | 2026-04-08 |
| CVE-2026-33439 | Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM — OpenAM | 9.8 AI | Critical AI | 2026-04-07 |
| CVE-2026-24156 | NVIDIA DALI code issue vulnerability — DALI | 7.3 | High | 2026-04-07 |
| CVE-2026-35464 | pyLoad has an incomplete fix for CVE-2026-33509: unprotected storage_folder enables arbitrary file write to Flask session store and code execution — pyload | 7.5 | High | 2026-04-07 |
| CVE-2026-1839 | Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformers — huggingface/transformers | 9.8 AI | Critical AI | 2026-04-07 |
| CVE-2026-5659 | pytries datrie trie File datrie.pyx Trie.__setstate__ deserialization — datrie | 6.3 | Medium | 2026-04-06 |
| CVE-2026-5536 | FedML-AI FedML gRPC server grpc_server.py sendMessage deserialization — FedML | 7.3 | High | 2026-04-05 |
| CVE-2026-5473 | NASA cFS Pickle pickle.load deserialization — cFS | 4.5 | Medium | 2026-04-03 |
| CVE-2026-35537 | Roundcube Webmail code issue vulnerability — Webmail | 3.7 | Low | 2026-04-03 |
| CVE-2026-34838 | Group-Office: Authenticated Remote Code Execution via PHP Insecure Deserialization in `AbstractSettingsCollection` — groupoffice | 10.0 | Critical | 2026-04-02 |
| CVE-2026-29782 | OpenSTAManager: Remote Code Execution via Insecure Deserialization in OAuth2 — openstamanager | 7.2 | High | 2026-04-02 |
| CVE-2026-24165 | NVIDIA BioNeMo code issue vulnerability — BioNeMo Framework | 7.8 | High | 2026-03-31 |
| CVE-2026-24164 | NVIDIA BioNeMo code issue vulnerability — BioNeMo Framework | 8.8 | High | 2026-03-31 |
| CVE-2026-4266 | WatchGuard Firebox Insecure Deserialization in Fireware Access Portal — Fireware OS | 7.8 | - | 2026-03-30 |
| CVE-2026-4416 | GIGABYTE\|Performance Library - Insecure Deserialization — Performance Library | 7.8 | High | 2026-03-30 |
| CVE-2026-4851 | GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization — GRID::Machine | 9.8 | - | 2026-03-29 |
| CVE-2026-33728 | dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution — dd-trace-java | 8.1 | - | 2026-03-27 |
| CVE-2026-33725 | Metabase vulnerable to RCE and Arbitrary File Read via H2 JDBC INIT Injection in EE Serialization Import — metabase | 7.2 | High | 2026-03-27 |
| CVE-2026-33701 | OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution — opentelemetry-java-instrumentation | 8.1 | - | 2026-03-27 |
| CVE-2026-4860 | 648540858 wvp-GB28181-pro API Endpoint RedisTemplateConfig.java GenericFastJsonRedisSerializer deserialization — wvp-GB28181-pro | 7.3 | High | 2026-03-26 |
| CVE-2026-3328 | Frontend Admin by DynamiApps <= 3.28.31 - Authenticated (Editor+) PHP Object Injection via 'post_content' of Admin Form Posts — Frontend Admin by DynamiApps | 7.2 | High | 2026-03-26 |
| CVE-2026-33942 | Saloon has insecure deserialization in AccessTokenAuthenticator (object injection / RCE) — saloon | 8.8 | - | 2026-03-26 |
| CVE-2026-32513 | WordPress JS Archive List plugin <= 6.1.7 - PHP Object Injection vulnerability — JS Archive List | 8.8 | - | 2026-03-25 |
| CVE-2026-32512 | WordPress Pelicula theme < 1.10 - PHP Object Injection vulnerability — Pelicula | 9.8 | - | 2026-03-25 |
| CVE-2026-32511 | WordPress Stål theme < 1.7 - Arbitrary Object Instantiation vulnerability — Stål | 9.8 | - | 2026-03-25 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1675 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.