CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1676

1676 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2021-24857 | ToTop Link <= 1.7.1 - Unauthenticated PHP Object Injection — ToTop Link | 9.8 | - | 2021-12-13 |
| CVE-2021-44228 | Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints — Apache Log4j2 | 9.9 | - | 2021-12-10 |
| CVE-2021-42130 | Ivanti Avalanche code issue vulnerability — Ivanti Avalanche | 8.8 | - | 2021-12-07 |
| CVE-2021-42127 | Ivanti Avalanche code issue vulnerability — Ivanti Avalanche | 9.8 | - | 2021-12-07 |
| CVE-2021-42125 | Ivanti Avalanche code issue vulnerability — Ivanti Avalance | 8.8 | - | 2021-12-07 |
| CVE-2021-43360 | Sunnet eHRD - Insecure Deserialization — eHRD | 8.8 | High | 2021-12-01 |
| CVE-2021-22095 | Spring AMQP code issue vulnerability — Spring AMQP | 6.5 | - | 2021-11-30 |
| CVE-2021-34992 | Orckestra C1 CMS code issue vulnerability — C1 CMS | 8.8 | - | 2021-11-15 |
| CVE-2021-26558 | Deserialization of Untrusted Data — Apache ShardingSphere-UI | 7.5 | - | 2021-11-11 |
| CVE-2021-42698 | AzeoTech DAQFactory — DAQFactory | 7.8 | High | 2021-11-05 |
| CVE-2021-22097 | Spring AMQP code issue vulnerability — Spring AMQP | 7.5 | - | 2021-10-28 |
| CVE-2021-40865 | Unsafe Pre-Authentication Deserialization In Workers — Apache Storm | 9.8 | - | 2021-10-25 |
| CVE-2021-40719 | Adobe Connect Deserialization of Untrusted Data Remote Code Execution — Connect | 9.8 | - | 2021-10-21 |
| CVE-2021-40720 | Ops CLI Deserialization of Untrusted Data leads to Abritrary Code Execution — Ops-CLI | 9.8 | Critical | 2021-10-15 |
| CVE-2021-33728 | Siemens SINEC NMS code issue vulnerability — SINEC NMS | 7.2 | - | 2021-10-12 |
| CVE-2021-41129 | Authentication bypass in Pterodactyl — panel | 8.1 | High | 2021-10-06 |
| CVE-2021-41110 | CWL Viewer: deserialization of untrusted data can lead to complete takeover by an attacker — cwlviewer | 9.1 | Critical | 2021-10-01 |
| CVE-2021-41616 | Apache ddlutils 1.0 readobject vulnerability — Apache DB ddlutils | 9.8 | - | 2021-09-30 |
| CVE-2021-37181 | Multiple Siemens products code issue vulnerability — Cerberus DMS V4.0 | 10.0 | - | 2021-09-14 |
| CVE-2021-39207 | Deserialization of Untrusted Data in parlai — ParlAI | 8.4 | High | 2021-09-10 |
| CVE-2021-24040 | parlai code issue vulnerability — ParlAI | 7.2 | - | 2021-09-10 |
| CVE-2021-32568 | Deserialization of Untrusted Data in zmister2016/mrdoc — zmister2016/mrdoc | 7.8 | - | 2021-09-06 |
| CVE-2021-35218 | Chart Endpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability — Patch Manager | 8.9 | High | 2021-09-01 |
| CVE-2021-35216 | Deserialization of Untrusted Data in Resource Controls Remote Code Execution — Patch Manager | 8.9 | High | 2021-09-01 |
| CVE-2021-35215 | ActionPluginBaseView Deserialization of Untrusted Data RCE — Orion Platform | 8.9 | High | 2021-09-01 |
| CVE-2021-39132 | YAML deserialization can run untrusted code — rundeck | 8.8 | High | 2021-08-30 |
| CVE-2021-24579 | Bold Page Builder < 3.1.6 - PHP Object Injection — Bold Page Builder | 8.8 | - | 2021-08-30 |
| CVE-2021-21869 | 3s-smart Software Solutions CODESYS Development System code issue vulnerability — CODESYS | 7.8 | - | 2021-08-25 |
| CVE-2021-39150 | A Server-Side Forgery Request vulnerability in XStream via PriorityQueue unmarshaling — xstream | 8.5 | High | 2021-08-23 |
| CVE-2021-39152 | A Server-Side Forgery Request vulnerability in XStream via HashMap unmarshaling — xstream | 8.5 | High | 2021-08-23 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1676 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.