CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1677

1677 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-34072 | Deserialization of Untrusted Data in sagemaker-python-sdk — sagemaker-python-sdk | 7.8 | High | 2024-05-03 |
| CVE-2023-51576 | Voltronic Power ViewPower Deserialization of Untrusted Data Remote Code Execution Vulnerability — ViewPower | 9.8 | - | 2024-05-03 |
| CVE-2023-50223 | Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability — Ignition | 8.8 | - | 2024-05-03 |
| CVE-2023-50221 | Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability — Ignition | 8.8 | - | 2024-05-03 |
| CVE-2023-50222 | Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability — Ignition | 8.8 | - | 2024-05-03 |
| CVE-2023-50220 | Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability — Ignition | 8.8 | - | 2024-05-03 |
| CVE-2023-50219 | Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability — Ignition | 8.8 | - | 2024-05-03 |
| CVE-2023-50218 | Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability — Ignition | 8.8 | - | 2024-05-03 |
| CVE-2023-39476 | Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability — Ignition | 9.8 | - | 2024-05-03 |
| CVE-2023-39475 | Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability — Ignition | 9.8 | - | 2024-05-03 |
| CVE-2023-39473 | Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability — Ignition | 8.8 | - | 2024-05-03 |
| CVE-2023-7064 | Shortcodes and extra features for Phlox theme <= 2.17.5 - Authenticated (Subscriber+) PHP Object Injection via auxin_template_control_importer — Shortcodes and extra features for Phlox theme | 7.5 | High | 2024-05-02 |
| CVE-2024-1897 | Grid Gallery – Photo Image Grid Gallery <= 1.4.3 - Authenticated (Contributor+) PHP Object Injection via shortcode — Grid Gallery for Images | 7.5 | High | 2024-05-02 |
| CVE-2024-1896 | Photo Gallery <= 1.4.2 - Authenticated(Contributor+) PHP Object Injection via Shortcode — Photo Gallery for Images | 7.5 | High | 2024-05-02 |
| CVE-2024-1895 | Event Monster <= 1.3.9 - Authenticated(Contributor+) PHP Object Injection via Custom Meta — Event Monster – Manager & Ticket Booking | 7.5 | High | 2024-04-30 |
| CVE-2024-27322 | R statistical programming language security vulnerability — R | 8.8 | High | 2024-04-29 |
| CVE-2024-33553 | WordPress XStore Core plugin <= 5.3.5 - Unauthenticated PHP Object Injection vulnerability — XStore Core | 9.0 | Critical | 2024-04-29 |
| CVE-2024-33641 | WordPress Custom field finder plugin <= 0.3 - PHP Object Injection vulnerability — Custom field finder | 5.4 | Medium | 2024-04-29 |
| CVE-2024-32876 | NewPipe has potential security vulnerability when importing settings — NewPipe | 8.5 | High | 2024-04-24 |
| CVE-2024-32817 | WordPress Import and export users and customers plugin <= 1.26.2 - PHP Object Injection vulnerability — Import and export users and customers | 4.4 | Medium | 2024-04-24 |
| CVE-2024-32835 | WordPress Export and Import Users and Customers plugin <= 2.5.3 - Deserialization of untrusted data vulnerability — Import Export WordPress Users | 5.4 | Medium | 2024-04-24 |
| CVE-2024-4019 | Byzoro Smart S80 Management Platform importhtml.php deserialization — Smart S80 Management Platform | 6.3 | Medium | 2024-04-20 |
| CVE-2024-32600 | WordPress Master Slider plugin <= 3.9.5 - PHP Object Injection vulnerability — Master Slider | 8.3 | High | 2024-04-18 |
| CVE-2024-32603 | WordPress WooBuddy plugin <= 3.4.20 - PHP Object Injection vulnerability — WooBuddy | 8.5 | High | 2024-04-18 |
| CVE-2024-32431 | WordPress Import Users from CSV plugin <= 1.2 - PHP Object Injection — Import Users from CSV | 4.4 | Medium | 2024-04-15 |
| CVE-2024-3740 | cym1102 nginxWebUI reload exec deserialization — nginxWebUI | 6.3 | Medium | 2024-04-13 |
| CVE-2024-3054 | WPvivid Backup & Migration Plugin <= 0.9.99 - Authenticated (Admin+) PHAR Deserialization — WPvivid — Backup, Migration & Staging | 7.2 | High | 2024-04-12 |
| CVE-2024-3568 | Arbitrary Code Execution via Deserialization in huggingface/transformers — huggingface/transformers | 8.8 (AI) | High (AI) | 2024-04-10 |
| CVE-2024-3020 | Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Admin+) PHP Object Injection — Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel | 7.2 | High | 2024-04-10 |
| CVE-2024-2501 | Hubbub Lite – Fast, Reliable Social Network Sharing Buttons <= 1.33.1 - PHP Object Injection — Hubbub Lite – Fast, free social sharing and follow buttons | 7.5 | High | 2024-04-09 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1677 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.