Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-502 (可信数据的反序列化) — Vulnerability Class 1676

1676 vulnerabilities classified as CWE-502 (可信数据的反序列化). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-22505 WordPress Morning Records theme <= 1.2 - PHP Object Injection vulnerability — Morning Records 8.1 High2026-03-25
CVE-2026-22500 WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability — m2 | Construction and Tools Store 9.8 Critical2026-03-25
CVE-2026-22480 WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability — Product Feed for WooCommerce 7.2 High2026-03-25
CVE-2026-24159 NVIDIA Nemo Framework 代码问题漏洞 — NeMo Framework 7.8 High2026-03-24
CVE-2026-24157 NVIDIA Nemo Framework 代码问题漏洞 — NeMo Framework 7.8 High2026-03-24
CVE-2026-24141 NVIDIA Model Optimizer 代码问题漏洞 — NVIDIA Model Optimizer 7.8 High2026-03-24
CVE-2025-33244 NVIDIA Apex 代码问题漏洞 — Apex 9.0 Critical2026-03-24
CVE-2026-24152 NVIDIA Megatron-LM 代码问题漏洞 — Megatron LM 7.8 High2026-03-24
CVE-2026-24151 NVIDIA Megatron-LM 代码问题漏洞 — Megatron LM 7.8 High2026-03-24
CVE-2026-24150 NVIDIA Megatron-LM 代码问题漏洞 — Megatron LM 7.8 High2026-03-24
CVE-2025-33248 NVIDIA Megatron-LM 代码问题漏洞 — Megatron LM 7.8 High2026-03-24
CVE-2025-33247 NVIDIA Megatron LM 代码问题漏洞 — Megatron LM 7.8 High2026-03-24
CVE-2026-4735 A stack overflow and DoS vulnerability in DTStack/chunjun — chunjun 9.8 -2026-03-24
CVE-2026-4538 PyTorch pt2 Loading deserialization — PyTorch 5.3 Medium2026-03-22
CVE-2026-0677 WordPress TotalContest Lite plugin <= 2.9.1 - PHP Object Injection vulnerability — TotalContest Lite 9.8 -2026-03-20
CVE-2026-29109 SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing — SuiteCRM-Core 7.2 -2026-03-19
CVE-2025-71260 BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 VIEWSTATE Deserialization RCE — FootPrints 8.8 High2026-03-19
CVE-2026-25445 WordPress WishList Member X plugin <= 3.29.0 - PHP Object Injection vulnerability — WishList Member X 8.8 High2026-03-19
CVE-2025-60237 WordPress Finag theme <= 1.5.0 - PHP Object Injection vulnerability — Finag 9.8 Critical2026-03-19
CVE-2025-60233 WordPress Zuut theme <= 1.4.2 - PHP Object Injection vulnerability — Zuut 9.8 Critical2026-03-19
CVE-2026-27096 WordPress ColorFolio - Freelance Designer WordPress Theme theme <= 1.3 - Deserialization of untrusted data vulnerability — ColorFolio - Freelance Designer WordPress Theme 8.1 High2026-03-19
CVE-2026-25873 OmniGen2-RL Reward Server Unsafe Deserialization RCE — OmniGen2-RL 9.8 Critical2026-03-18
CVE-2026-25449 WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability — Traveler 9.8 Critical2026-03-18
CVE-2026-25769 Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization — wazuh 9.1 Critical2026-03-17
CVE-2026-1323 Insecure Deserialization in extension "Mailqueue" (mailqueue) — Extension "Mailqueue" 8.8AIHighAI2026-03-17
CVE-2025-54920 Apache Spark: Spark History Server Code Execution Vulnerability — Apache Spark 8.8 -2026-03-14
CVE-2026-32355 WordPress JetEngine plugin < 3.8.4.1 - Deserialization of untrusted data vulnerability — JetEngine 9.8 -2026-03-13
CVE-2025-13913 Inductive Automation Ignition Software Deserialization of Untrusted Data — Ignition Software 6.3 Medium2026-03-12
CVE-2026-3967 Alfresco Activiti Process Variable Serialization System SerializableType.java createObjectInputStream deserialization — Activiti 6.3 Medium2026-03-12
CVE-2026-22248 GLPI affected by Remote Code Execution via malicious upload — glpi 8.1 High2026-03-11

Vulnerabilities classified as CWE-502 (可信数据的反序列化) represent 1676 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.