
CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1677

1677 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-49227 | WordPress Free Stock Photos Foter plugin <= 1.5.4 - PHP Object Injection vulnerability — Free Stock Photos Foter | 9.8 | - | 2024-10-16 |
| CVE-2021-4451 | NinjaFirewall <= 4.3.3 - Authenticated PHAR Deserialization — NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall | 6.6 | Medium | 2024-10-16 |
| CVE-2024-9634 | GiveWP – Donation Plugin and Fundraising Platform <= 3.16.3 - Unauthenticated PHP Object Injection to Remote Code Execution — GiveWP – Donation Plugin and Fundraising Platform | 9.8 | Critical | 2024-10-16 |
| CVE-2024-9953 | Potential DoS Vulnerability in CERT VINCE Software Before Version 3.0.8 — VINCE - Vulnerability Information and Coordination Environment | 4.9 (AI) | Medium (AI) | 2024-10-14 |
| CVE-2024-45733 | Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows — Splunk Enterprise | 8.8 | High | 2024-10-14 |
| CVE-2024-9917 | HuangDou UTCMS template_creat.php deserialization — UTCMS | 6.3 | Medium | 2024-10-13 |
| CVE-2024-48033 | WordPress Talkback plugin <= 1.0 - PHP Object Injection vulnerability — Talkback | 9.8 | Critical | 2024-10-11 |
| CVE-2024-47074 | Dataease PostgreSQL Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability — dataease | 9.8 (AI) | Critical (AI) | 2024-10-11 |
| CVE-2024-47636 | WordPress WP JobSearch plugin <= 2.5.9 - PHP Object Injection vulnerability — JobSearch | 9.8 | Critical | 2024-10-10 |
| CVE-2023-25581 | Deserialization of untrusted data in InternalAttributeHandler in pac4j — pac4j | 9.8 (AI) | Critical (AI) | 2024-10-10 |
| CVE-2024-9005 | Schneider Electric EcoStruxure Power Monitoring Expert code issue vulnerability — EcoStruxure Power Monitoring Expert (PME) | 9.8 (AI) | Critical (AI) | 2024-10-08 |
| CVE-2024-9314 | Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Authenticated (Administrator+) PHP Object Injection — Rank Math SEO – AI SEO Tools to Dominate SEO Rankings | 7.2 | High | 2024-10-05 |
| CVE-2024-47561 | Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK) — Apache Avro Java SDK | 9.8 | - | 2024-10-03 |
| CVE-2024-7434 | UltraPress <= 1.2.2 - Authenticated (Contributor+) PHP Object Injection — UltraPress | 8.8 | High | 2024-10-01 |
| CVE-2024-7433 | Empowerment <= 1.0.2 - Authenticated (Contributor+) PHP Object Injection — Empowerment | 8.8 | High | 2024-10-01 |
| CVE-2024-7432 | Unseen Blog <= 1.0.0 - Authenticated (Contributor+) PHP Object Injection — Unseen Blog | 8.8 | High | 2024-10-01 |
| CVE-2024-45772 | Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue — Apache Lucene Replicator | 5.1 | Medium | 2024-09-30 |
| CVE-2024-8353 | GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection — GiveWP – Donation Plugin and Fundraising Platform | 9.8 | Critical | 2024-09-28 |
| CVE-2024-8922 | Product Enquiry for WooCommerce <= 2.2.33.33 - Authenticated (Author+) PHP Object Injection in enquiry_detail.php — PiWeb Product Enquiry or product catalog for WooCommerce | 8.8 | High | 2024-09-27 |
| CVE-2024-43191 | IBM ManageIQ command execution — Cloud Pak for Multicloud Management | 7.2 | High | 2024-09-26 |
| CVE-2024-8316 | Progress UI for WPF format provider unsafe deserialization vulnerability — Telerik UI for WPF | 7.8 | High | 2024-09-25 |
| CVE-2024-7576 | Progress UI for WPF format provider unsafe deserialization vulnerability — Telerik UI for WPF | 7.8 | High | 2024-09-25 |
| CVE-2024-8514 | Prisna GWT - Google Website Translator <= 1.4.11 - Authenticated (Admin+) PHP Object Injection — Prisna GWT – Google Website Translator | 9.1 | Critical | 2024-09-25 |
| CVE-2022-2439 | Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 3.3.3 - Authenticated (Admin+) PHAR Deserialization — Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 7.2 | High | 2024-09-24 |
| CVE-2024-42323 | Apache HertzBeat: RCE by snakeYaml deser load malicious xml — Apache HertzBeat | 8.8 | - | 2024-09-21 |
| CVE-2024-8375 | Object deserialization in Reverb leading to RCE — Reverb | 9.1 (AI) | Critical (AI) | 2024-09-19 |
| CVE-2024-5998 | Deserialization of Untrusted Data in langchain-ai/langchain — langchain-ai/langchain | 9.8 | - | 2024-09-17 |
| CVE-2024-22399 | Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server — Apache Seata | 9.8 | - | 2024-09-16 |
| CVE-2024-8862 | h2oai h2o-3 JDBC Connection 1 getConnectionSafe deserialization — h2o-3 | 7.3 | High | 2024-09-14 |
| CVE-2022-2446 | WP Editor <= 1.2.9 - Authenticated (Admin+) PHAR Deserialization — WP Editor | 7.2 | High | 2024-09-13 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1677 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.