
CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class (1676 CVEs)

1676 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-22417 | WordPress Grand Wedding theme < 3.1.11 - PHP Object Injection vulnerability — Grand Wedding | 9.8 | Critical | 2026-03-05 |
| CVE-2025-54001 | WordPress Classter theme <= 2.5 - PHP Object Injection vulnerability — Classter | 9.8 | Critical | 2026-03-05 |
| CVE-2026-20131 | Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability — Cisco Secure Firewall Management Center (FMC) | 10.0 | Critical | 2026-03-04 |
| CVE-2026-3452 | Concrete CMS below 9.4.8 is vulnerable to stored deserialization leading to RCE in the Express Entry List block. — Concrete CMS | 7.2 | - | 2026-03-04 |
| CVE-2026-27971 | Qwik affected by unauthenticated RCE via server$ Deserialization — qwik | 9.8 (AI) | Critical (AI) | 2026-03-03 |
| CVE-2025-52998 | Chamilo: PHAR deserialization bypass — chamilo-lms | 8.1 (AI) | High (AI) | 2026-03-02 |
| CVE-2025-50198 | Chamilo: Deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters — chamilo-lms | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2024-47886 | Chamilo: Post-Auth Remote Code Execution — chamilo-lms | 7.2 (AI) | High (AI) | 2026-03-02 |
| CVE-2026-3422 | e-Excellence\|U-Office Force - Insecure Deserialization — U-Office Force | 9.8 | Critical | 2026-03-02 |
| CVE-2026-2471 | WP Mail Logging <= 1.15.0 - Unauthenticated PHP Object Injection via Email Log Message Field — WP Mail Logging | 7.5 | High | 2026-02-28 |
| CVE-2026-27776 | NTT DATA INTRAMART intra-mart Accel Platform code issue vulnerability — intra-mart Accel Platform | 8.8 | - | 2026-02-27 |
| CVE-2026-3071 | flair security vulnerability — Flair | 8.4 | High | 2026-02-26 |
| CVE-2026-28138 | WordPress uListing plugin <= 2.2.0 - PHP Object Injection vulnerability — uListing | 7.2 | High | 2026-02-26 |
| CVE-2026-27830 | c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property — c3p0 | 9.8 (AI) | Critical (AI) | 2026-02-26 |
| CVE-2026-27794 | LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution — langgraph-checkpoint | 6.6 | Medium | 2026-02-25 |
| CVE-2026-26222 | DocLink .NET Remoting Unauthenticated Arbitrary File Read/Write RCE — Altec DocLink | 9.1 (AI) | Critical (AI) | 2026-02-24 |
| CVE-2026-25747 | Apache Camel LevelDB: Deserialization of Untrusted Data in Camel LevelDB — Apache Camel LevelDB | 8.8 (AI) | High (AI) | 2026-02-23 |
| CVE-2026-2970 | datapizza-labs datapizza-ai cache.py RedisCache deserialization — datapizza-ai | 4.6 | Medium | 2026-02-23 |
| CVE-2026-2898 | funadmin Backend Endpoint AuthCloudService.php getMember deserialization — funadmin | 5.5 | Medium | 2026-02-22 |
| CVE-2026-27206 | Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize() — json-serializer | 8.1 | High | 2026-02-21 |
| CVE-2026-2036 | GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability — Archiver | 8.8 (AI) | High (AI) | 2026-02-20 |
| CVE-2026-2037 | GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability — Archiver | 8.8 (AI) | High (AI) | 2026-02-20 |
| CVE-2026-24892 | openITCOCKPIT has Unsafe Deserialization in openITCOCKPIT Changelog Handling — openITCOCKPIT | 7.5 | High | 2026-02-20 |
| CVE-2026-24891 | openITCOCKPIT has Unsafe PHP Deserialization in Gearman Worker Allowing Conditional Object Injection — openITCOCKPIT | 7.5 | High | 2026-02-20 |
| CVE-2026-22384 | WordPress Applay - Shortcodes plugin <= 3.7 - PHP Object Injection vulnerability — Applay - Shortcodes | 9.8 | Critical | 2026-02-20 |
| CVE-2026-22354 | WordPress Woocommerce Category Banner Management plugin <= 2.5.1 - PHP Object Injection vulnerability — Woocommerce Category Banner Management | 8.8 | High | 2026-02-20 |
| CVE-2026-22345 | WordPress Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin <= 1.6.0 - PHP Object Injection vulnerability — Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery | 8.8 | High | 2026-02-20 |
| CVE-2026-22346 | WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.5.4 - PHP Object Injection vulnerability — Slider Responsive Slideshow – Image slider, Gallery slideshow | 8.8 | High | 2026-02-20 |
| CVE-2025-69404 | WordPress Extreme Store theme <= 1.5.10 - PHP Object Injection vulnerability — Extreme Store | 9.8 | Critical | 2026-02-20 |
| CVE-2025-69405 | WordPress Lorem Ipsum \| Books & Media Store theme <= 1.2.11 - PHP Object Injection vulnerability — Lorem Ipsum \| Books & Media Store | 9.8 | Critical | 2026-02-20 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1676 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.