
CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1677

1677 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-52414 | WordPress WDES Responsive Mobile Menu plugin <= 5.3.18 - PHP Object Injection vulnerability — WDES Responsive Mobile Menu | 9.8 | Critical | 2024-11-16 |
| CVE-2021-3838 | PHAR Deserialization in dompdf/dompdf — dompdf/dompdf | 8.8 | - | 2024-11-15 |
| CVE-2024-37285 | Kibana arbitrary code execution via YAML deserialization — Kibana | 9.1 | Critical | 2024-11-14 |
| CVE-2024-10962 | Migration, Backup, Staging – WPvivid <= 0.9.107 - Unauthenticated PHP Object Injection — WPvivid — Backup, Migration & Staging | 8.8 | High | 2024-11-14 |
| CVE-2024-10012 | Progress UI for WPF format provider unsafe deserialization vulnerability — Telerik UI for WPF | 7.8 | High | 2024-11-13 |
| CVE-2024-10013 | Progress UI for WinForms format provider unsafe deserialization vulnerability — Telerik UI for WinForms | 7.8 | High | 2024-11-13 |
| CVE-2024-52306 | FileManager Deserialization of Untrusted Data — FileManager | 7.7 | High | 2024-11-13 |
| CVE-2024-10828 | Advanced Order Export For WooCommerce <= 3.5.5 - Unauthenticated PHP Object Injection via Order Details — Advanced Order Export For WooCommerce | 8.1 | High | 2024-11-13 |
| CVE-2024-8069 | Limited remote code execution with privilege of a NetworkService Account access — Citrix Session Recording | 8.8 (AI) | High (AI) | 2024-11-12 |
| CVE-2024-44102 | Siemens PP TeleControl Server code issue vulnerability — PP TeleControl Server Basic 1000 to 5000 V3.1 | 10.0 | Critical | 2024-11-12 |
| CVE-2023-32736 | Siemens multiple products code issue vulnerability — SIMATIC S7-PLCSIM V16 | 7.3 | High | 2024-11-12 |
| CVE-2024-10749 | ThinkAdmin Plugs.php script deserialization — ThinkAdmin | 5.0 | Medium | 2024-11-04 |
| CVE-2024-43383 | Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator — Apache Lucene.Net.Replicator | 8.0 | High | 2024-10-31 |
| CVE-2024-10456 | Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data — InfraSuite Device Master | 9.8 | Critical | 2024-10-30 |
| CVE-2024-50507 | WordPress DS.DownloadList plugin <= 1.3 - PHP Object Injection vulnerability — DS.DownloadList | 9.8 | Critical | 2024-10-30 |
| CVE-2024-50408 | WordPress Namaste! LMS plugin <= 2.6.3 - PHP Object Injection vulnerability — Namaste! LMS | 8.8 | High | 2024-10-28 |
| CVE-2024-50416 | WordPress WPC Shop as a Customer for WooCommerce plugin <= 1.2.6 - PHP Object Injection vulnerability — WPC Shop as a Customer for WooCommerce | 8.8 | High | 2024-10-28 |
| CVE-2024-49684 | WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.21 - PHP Object Injection vulnerability — Backup and Staging by WP Time Capsule | 7.2 | High | 2024-10-23 |
| CVE-2024-49332 | WordPress Giveaway Boost plugin <= 2.1.4 - PHP Object Injection vulnerability — Giveaway Boost | 9.8 | Critical | 2024-10-20 |
| CVE-2024-49624 | WordPress Advanced Advertising System plugin <= 1.3.1 - PHP Object Injection vulnerability — Advanced Advertising System | 9.8 | Critical | 2024-10-20 |
| CVE-2024-49625 | WordPress SiteBuilder Dynamic Components plugin <= 1.0 - PHP Object Injection vulnerability — SiteBuilder Dynamic Components | 9.8 | - | 2024-10-20 |
| CVE-2024-49626 | WordPress Shipyaari Shipping Management plugin <= 1.2 - PHP Object Injection vulnerability — Shipyaari Shipping Management | 9.8 | - | 2024-10-20 |
| CVE-2024-10079 | WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) PHP Object Injection — WP Easy Post Types | 8.8 | High | 2024-10-18 |
| CVE-2024-49318 | WordPress My Reading Library plugin <= 1.0 - PHP Object Injection vulnerability — My Reading Library | 9.8 | Critical | 2024-10-17 |
| CVE-2024-47836 | Admidio vulnerable to HTML Injection In The Messages Section — admidio | 3.5 | Low | 2024-10-16 |
| CVE-2024-48026 | WordPress Disc Golf Manager plugin <= 1.0.0 - PHP Object Injection vulnerability — Disc Golf Manager | 9.8 | Critical | 2024-10-16 |
| CVE-2024-48028 | WordPress IP Loc8 plugin <= 1.1 - PHP Object Injection vulnerability — IP Loc8 | 9.8 | Critical | 2024-10-16 |
| CVE-2024-48030 | WordPress Telecash Ricaricaweb plugin <= 2.2 - PHP Object Injection vulnerability — Telecash Ricaricaweb | 9.8 | Critical | 2024-10-16 |
| CVE-2024-49218 | WordPress Recently plugin <= 1.1 - PHP Object Injection vulnerability — Recently | 8.8 | - | 2024-10-16 |
| CVE-2024-49226 | WordPress TAKETIN To WP Membership plugin <= 2.8.17 - PHP Object Injection vulnerability — TAKETIN To WP Membership | 8.8 | - | 2024-10-16 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1677 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.