
CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1677

1677 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-27779 | Applio allows unsafe deserialization in model_blender.py — Applio | 9.8 | - | 2025-03-19 |
| CVE-2025-27781 | Applio allows unsafe deserialization in inference.py — Applio | 9.8 | - | 2025-03-19 |
| CVE-2025-27780 | Applio allows unsafe deserialization in model_information.py — Applio | 9.8 | - | 2025-03-19 |
| CVE-2025-29783 | vLLM Allows Remote Code Execution via Mooncake Integration — vllm | 9.1 | Critical | 2025-03-19 |
| CVE-2024-13410 | CozyStay <= 1.7.0 and TinySalt <= 3.9.0 - Unauthenticated PHP Object Injection in ajax_handler — CozyStay - Hotel Booking WordPress Theme | 9.8 | Critical | 2025-03-19 |
| CVE-2025-2376 | viames Pair Framework PHP Object UserRemember.php getCookieContent deserialization — Pair Framework | 7.3 | High | 2025-03-17 |
| CVE-2025-26921 | WordPress Booking and Rental Manager Plugin <= 2.2.6 - PHP Object Injection vulnerability — Booking and Rental Manager | 8.8 | High | 2025-03-15 |
| CVE-2025-2000 | Qiskit SDK code execution — Qiskit SDK | 9.8 | Critical | 2025-03-14 |
| CVE-2024-13824 | CiyaShop - Multipurpose WooCommerce Theme <= 4.19.0 - Unauthenticated PHP Object Injection — CiyaShop - Multipurpose WooCommerce Theme | 9.8 | Critical | 2025-03-14 |
| CVE-2024-10942 | All in One WP Migration <= 7.89 - Unauthenticated PHP Object Injection — All-in-One WP Migration and Backup | 7.5 | High | 2025-03-13 |
| CVE-2025-27925 | Nintex Automation code issue vulnerability — Automation | 8.5 | High | 2025-03-10 |
| CVE-2024-13906 | Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.7.3 - Authenticated (Administrator+) PHP Object Injection — Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress | 7.2 | High | 2025-03-07 |
| CVE-2025-2043 | LinZhaoguan pb-cms Add New Topic admin#themes deserialization — pb-cms | 4.7 | Medium | 2025-03-06 |
| CVE-2024-12742 | Deserialization of Untrusted Data Vulnerability in NI G Web Development Software — G Web Development Software | 7.8 | High | 2025-03-06 |
| CVE-2024-13787 | VEDA - MultiPurpose WordPress Theme <= 4.2 - Authenticated (Subscriber+) PHP Object Injection — VEDA - MultiPurpose WordPress Theme | 9.8 | Critical | 2025-03-05 |
| CVE-2024-13777 | ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated PHP Object Injection — ZoomSounds - WordPress Wave Audio Player with Playlist | 8.1 | High | 2025-03-05 |
| CVE-2025-0956 | WooCommerce Recover Abandoned Cart <= 24.4.0 - Unauthenticated PHP Object Injection — WooCommerce Recover Abandoned Cart | 8.1 | High | 2025-03-05 |
| CVE-2025-0912 | GiveWP – Donation Plugin and Fundraising Platform <= 3.19.4 - Unauthenticated PHP Object Injection — GiveWP – Donation Plugin and Fundraising Platform | 9.8 | Critical | 2025-03-04 |
| CVE-2024-47092 | Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api | 9.8 | - | 2025-03-03 |
| CVE-2025-26967 | WordPress Events Calendar for GeoDirectory plugin <= 2.3.14 - PHP Object Injection vulnerability — Events Calendar for GeoDirectory | 8.8 | High | 2025-03-03 |
| CVE-2025-26885 | WordPress Assistant Plugin <= 1.5.1 - PHP Object Injection vulnerability — WordPress Assistant | 9.8 | - | 2025-03-03 |
| CVE-2025-26999 | WordPress ProfileGrid Plugin <= 5.9.4.3 - PHP Object Injection vulnerability — ProfileGrid | 8.8 | High | 2025-03-03 |
| CVE-2024-13833 | Album Gallery – WordPress Gallery <= 1.6.3 - Authenticated (Editor+) PHP Object Injection via Gallery Meta — Album Gallery | 7.2 | High | 2025-03-01 |
| CVE-2025-0769 | PixelYourSite 10.1.1.1 - Insecure deserialization | 8.8 | - | 2025-02-28 |
| CVE-2024-13831 | Tabs for WooCommerce <= 1.0.0 - Authenticated (Shop Manager+) PHP Object Injection in product_has_custom_tabs — Tabs for WooCommerce | 7.2 | High | 2025-02-28 |
| CVE-2025-0767 | WP Activity Log 5.3.2 - Insecure deserialization — WP Activity Log | 9.8 | - | 2025-02-27 |
| CVE-2025-1741 | b1gMail Admin Page users.php deserialization — b1gMail | 4.7 | Medium | 2025-02-27 |
| CVE-2025-26900 | WordPress Flexmls® IDX Plugin Plugin <= 3.14.27 - PHP Object Injection vulnerability — Flexmls® IDX | 9.8 | Critical | 2025-02-25 |
| CVE-2025-27301 | WordPress NHR Options Table Manager Plugin <= 1.1.2 - Deserialization of untrusted data vulnerability — NHR Options Table Manager | 7.2 | High | 2025-02-24 |
| CVE-2025-27300 | WordPress ADFO plugin <= 1.9.1 - Deserialization of untrusted data vulnerability — ADFO | 7.2 | High | 2025-02-24 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1677 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.