CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1677

1677 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2023-36439 | Microsoft Exchange Server Remote Code Execution Vulnerability — Microsoft Exchange Server 2016 Cumulative Update 23 | 8.0 | High | 2023-11-14 |
| CVE-2023-38177 | Microsoft SharePoint Server Remote Code Execution Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 6.1 | Medium | 2023-11-14 |
| CVE-2023-47248 | PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file — PyArrow | 9.8 | - | 2023-11-09 |
| CVE-2023-39913 | Apache UIMA Java SDK Core, Apache UIMA Java SDK CPE, Apache UIMA Java SDK Vinci adapter, Apache UIMA Java SDK tools: Potential untrusted code execution when deserializing certain binary CAS formats — Apache UIMA Java SDK Core | 9.8 | - | 2023-11-08 |
| CVE-2023-1714 | Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction — Bitrix24 | 8.8 | High | 2023-11-01 |
| CVE-2023-45672 | Frigate unsafe deserialization in `load_config_with_no_duplicates` of `frigate/util/builtin.py` — frigate | 7.5 | High | 2023-10-30 |
| CVE-2023-5583 | WP Simple Galleries <= 1.34 - Authenticated (Contributor+) PHP Object Injection — WP Simple Galleries | 8.8 | High | 2023-10-30 |
| CVE-2023-46604 | Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack — Apache ActiveMQ | 10.0 | Critical | 2023-10-27 |
| CVE-2023-4386 | Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries — Essential Blocks Pro | 8.1 | High | 2023-10-20 |
| CVE-2022-3342 | Jetpack CRM <= 5.3.1 - Cross-Site Request Forgery and PHAR Deserialization — Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation | 7.5 | High | 2023-10-20 |
| CVE-2023-4402 | Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products — Essential Blocks Pro | 8.1 | High | 2023-10-20 |
| CVE-2023-35180 | SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability — Access Rights Manager | 8.0 | High | 2023-10-19 |
| CVE-2023-35182 | SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability — Access Rights Manager | 8.8 | High | 2023-10-19 |
| CVE-2023-35184 | SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability — Access Rights Manager | 8.8 | High | 2023-10-19 |
| CVE-2023-35186 | SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability — Access Rights Manager | 8.0 | High | 2023-10-19 |
| CVE-2023-46227 | Apache inlong has an Arbitrary File Read Vulnerability — Apache InLong | 9.8 | - | 2023-10-19 |
| CVE-2023-45146 | Remote code execution in XXL-RPC — xxl-rpc | 9.1 | Critical | 2023-10-18 |
| CVE-2023-23930 | vantage6's Pickle serialization is insecure — vantage6 | 5.5 | Medium | 2023-10-11 |
| CVE-2023-42809 | Redisson unsafe deserialization vulnerability — redisson | 9.7 | Critical | 2023-10-04 |
| CVE-2023-5391 | Schneider Electric EcoStruxure Power Monitoring Expert Code Issue Vulnerability — EcoStruxure Power Monitoring Expert | 9.8 | Critical | 2023-10-04 |
| CVE-2023-39410 | Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK — Apache Avro Java SDK | 7.5 | - | 2023-09-29 |
| CVE-2023-40044 | WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability — WS_FTP Server | 10.0 | Critical | 2023-09-27 |
| CVE-2023-5183 | Authenticated RCE due to unsafe JSON deserialization — Core PCE | 9.9 | Critical | 2023-09-26 |
| CVE-2023-5016 | spider-flow API DataSourceController.java DriverManager.getConnection deserialization — spider-flow | 6.3 | Medium | 2023-09-17 |
| CVE-2023-38204 | Bypass APSB23-41 (CVE-2023-38203) - Pre-Auth RCE ColdFusion 2021 Update 8 — ColdFusion | 9.8 | Critical | 2023-09-14 |
| CVE-2023-36777 | Microsoft Exchange Server Information Disclosure Vulnerability — Microsoft Exchange Server 2019 Cumulative Update 12 | 5.7 | Medium | 2023-09-12 |
| CVE-2023-38155 | Azure DevOps Server Remote Code Execution Vulnerability — Azure DevOps Server 2019.0.1 | 7.0 | High | 2023-09-12 |
| CVE-2023-36736 | Microsoft Identity Linux Broker Remote Code Execution Vulnerability — Microsoft Identity Linux Broker | 4.4 | Medium | 2023-09-12 |
| CVE-2023-36745 | Microsoft Exchange Server Remote Code Execution Vulnerability — Microsoft Exchange Server 2019 Cumulative Update 13 | 8.0 | High | 2023-09-12 |
| CVE-2023-36744 | Microsoft Exchange Server Remote Code Execution Vulnerability — Microsoft Exchange Server 2019 Cumulative Update 12 | 8.0 | High | 2023-09-12 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1677 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.