CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1677

1677 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-12138 | horilla create_skills deserialization — horilla | 6.3 | Medium | 2024-12-04 |
| CVE-2024-10587 | Funnelforms Free <= 3.7.5.1 - Authenticated (Contributor+) PHP Object Injection — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | 8.8 | High | 2024-12-04 |
| CVE-2024-52338 | Apache Arrow R package: Arbitrary code execution when loading a malicious data file — Apache Arrow R package | 9.8 (AI) | Critical (AI) | 2024-11-28 |
| CVE-2024-53673 | Hewlett Packard Enterprise Insight Remote Support security vulnerability — Insight Remote Support | 8.1 | High | 2024-11-26 |
| CVE-2024-11145 | Easy Folder Listing Pro deserialization vulnerability — Easy Folder Listing Pro | 9.8 | Critical | 2024-11-26 |
| CVE-2024-11662 | welliamcao OpsManage API Endpoint deploy_api.py deploy_host_vars deserialization — OpsManage | 6.3 | Medium | 2024-11-25 |
| CVE-2024-9511 | FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider <= 2.2.82 - Unauthenticated PHP Object Injection — FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider | 9.8 | Critical | 2024-11-23 |
| CVE-2024-11394 | Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability — Transformers | 7.8 | - | 2024-11-22 |
| CVE-2024-11393 | Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability — Transformers | 7.8 | - | 2024-11-22 |
| CVE-2024-11392 | Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability — Transformers | 7.8 | - | 2024-11-22 |
| CVE-2024-5580 | Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability — Allegra | 8.8 | - | 2024-11-22 |
| CVE-2024-5579 | Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability — Allegra | 8.8 | - | 2024-11-22 |
| CVE-2023-51642 | Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability — Allegra | 8.8 | - | 2024-11-22 |
| CVE-2023-51641 | Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability — Allegra | 8.8 | - | 2024-11-22 |
| CVE-2024-11409 | Grid View Gallery <= 1.0 - Authenticated (Editor+) PHP Object Injection — Grid View Gallery | 7.2 | High | 2024-11-21 |
| CVE-2024-10913 | Clone <= 2.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialized_replace' — Clone | 8.8 | High | 2024-11-20 |
| CVE-2024-52439 | WordPress Team Rosters plugin <= 4.8.2 - PHP Object Injection vulnerability — Team Rosters | 9.8 | Critical | 2024-11-20 |
| CVE-2024-52440 | WordPress Xpresslane Fast Checkout plugin <= 1.0.0 - PHP Object Injection vulnerability — Xpresslane Fast Checkout | 9.8 | Critical | 2024-11-20 |
| CVE-2024-52443 | WordPress Geolocator plugin <= 1.1 - PHP Object Injection vulnerability — Geolocator | 9.8 | Critical | 2024-11-20 |
| CVE-2024-52445 | WordPress QRMenu Restaurant QR Menu Lite plugin <= 1.0.4 - PHP Object Injection vulnerability — QRMenu Restaurant QR Menu Lite | 8.8 | High | 2024-11-20 |
| CVE-2024-10382 | Arbitrary Code execution in Car App Android Jetpack Library — Android | 7.8 (AI) | High (AI) | 2024-11-20 |
| CVE-2024-52430 | WordPress Lis Video Gallery plugin <= 0.2.1 - PHP Object Injection vulnerability — Lis Video Gallery | 9.8 | Critical | 2024-11-18 |
| CVE-2024-52432 | WordPress NIX Anti-Spam Light plugin <= 0.0.4 - PHP Object Injection vulnerability — NIX Anti-Spam Light | 9.8 | Critical | 2024-11-18 |
| CVE-2024-52433 | WordPress My Geo Posts Free plugin <= 1.2 - PHP Object Injection vulnerability — My Geo Posts Free | 9.8 | Critical | 2024-11-18 |
| CVE-2024-41151 | Apache HertzBeat: RCE by notice template injection vulnerability — Apache HertzBeat | 8.8 (AI) | High (AI) | 2024-11-18 |
| CVE-2024-52409 | WordPress AJAX Random Posts plugin <= 0.3.3 - PHP Object Injection vulnerability — AJAX Random Posts | 9.8 | Critical | 2024-11-16 |
| CVE-2024-52410 | WordPress Referrer Detector plugin <= 4.2.1.0 - PHP Object Injection vulnerability — Referrer Detector | 9.8 | Critical | 2024-11-16 |
| CVE-2024-52411 | WordPress Advanced Personalization plugin <= 1.1.2 - PHP Object Injection vulnerability — Advanced Personalization | 9.8 | Critical | 2024-11-16 |
| CVE-2024-52412 | WordPress Xin theme <= 1.0.8.1 - PHP Object Injection vulnerability — Xin | 9.8 | Critical | 2024-11-16 |
| CVE-2024-52413 | WordPress Airin Blog theme <= 1.6.1 - PHP Object Injection vulnerability — Airin Blog | 9.8 | Critical | 2024-11-16 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1677 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.