CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1668

1668 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62233 | Apache DolphinScheduler: Deserialization of untrusted data in RPC — Apache DolphinScheduler | 8.8 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-33819 | Microsoft Bing Remote Code Execution Vulnerability — Microsoft Bing | 10.0 | Critical | 2026-04-23 |
| CVE-2026-26210 | KTransformers Unsafe Deserialization RCE via balance_serve — ktransformers | 9.8 | Critical | 2026-04-23 |
| CVE-2026-25874 | LeRobot Unsafe Deserialization Remote Code Execution via gRPC — LeRobot | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2025-62373 | Pipecat vulnerable to Remote Code Execution by Pickle Deserialization via LivekitFrameSerializer — pipecat | 9.8 | Critical | 2026-04-23 |
| CVE-2026-6857 | Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization — Red Hat build of Apache Camel 4 for Quarkus 3 | 7.5 | High | 2026-04-22 |
| CVE-2026-6023 | Deserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAX — Telerik UI for ASP.NET AJAX | 8.1 | High | 2026-04-22 |
| CVE-2026-39467 | WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - PHP Object Injection vulnerability — Responsive Slider by MetaSlider | 7.2 | High | 2026-04-21 |
| CVE-2026-25524 | OpenMage LTS's Phar Deserialization leads to Remote Code Execution — magento-lts | 8.1 | High | 2026-04-20 |
| CVE-2026-25917 | Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5) — Apache Airflow | 9.8 (AI) | Critical (AI) | 2026-04-18 |
| CVE-2026-40901 | DataEase: Quartz Deserialization → Remote Code Execution — dataease | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2025-15610 | OpenText RightFax security vulnerability — RightFax | 9.8 | - | 2026-04-15 |
| CVE-2026-27303 | Adobe Connect \| Deserialization of Untrusted Data (CWE-502) — Adobe Connect | 9.6 | Critical | 2026-04-14 |
| CVE-2026-34615 | Adobe Connect \| Deserialization of Untrusted Data (CWE-502) — Adobe Connect | 9.3 | Critical | 2026-04-14 |
| CVE-2026-32192 | Azure Monitor Agent Elevation of Privilege Vulnerability — Azure Monitor | 7.8 | High | 2026-04-14 |
| CVE-2026-32184 | Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability — Microsoft HPC Pack 2019 | 7.8 | High | 2026-04-14 |
| CVE-2026-3017 | Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection — Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts | 7.2 | High | 2026-04-14 |
| CVE-2026-40044 | Pachno 1.0.6 FileCache Deserialization Remote Code Execution — Pachno | 9.8 | Critical | 2026-04-13 |
| CVE-2026-1462 | Safe Mode Bypass in keras-team/keras — keras-team/keras | 7.5 | - | 2026-04-13 |
| CVE-2026-33858 | Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API — Apache Airflow | 9.8 | - | 2026-04-13 |
| CVE-2026-35337 | Apache Storm Client: RCE through Unsafe Deserialization via Kerberos TGT Credential Handling — Apache Storm Client | 8.8 | - | 2026-04-13 |
| CVE-2026-25204 | SAMSUNG Escargot security vulnerability — Escargot | 6.2 | Medium | 2026-04-13 |
| CVE-2026-5507 | Session Cache Restore — Arbitrary Free via Deserialized Pointer — wolfSSL | 8.1 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-3199 | Nexus Repository 3 - Authenticated Remote Code Execution via Task Property Injection — Nexus Repository | 7.2 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-39890 | PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading — PraisonAI | 9.8 | Critical | 2026-04-08 |
| CVE-2026-32590 | Mirror-registry: remote code execution using pickle deserialization — mirror registry for Red Hat OpenShift | 7.1 | High | 2026-04-08 |
| CVE-2026-3296 | Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | 9.8 | Critical | 2026-04-08 |
| CVE-2026-3357 | IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file — Langflow Desktop | 8.8 | High | 2026-04-08 |
| CVE-2026-33439 | Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM — OpenAM | 9.8 (AI) | Critical (AI) | 2026-04-07 |
| CVE-2026-24156 | NVIDIA DALI code issue vulnerability — DALI | 7.3 | High | 2026-04-07 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1668 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.