CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1676

1676 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14921 | Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability — Transformers | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14929 | Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability — Transformers | 8.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14071 | Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output Shortcode — Live Composer – Free WordPress Website Builder | 7.5 | High | 2025-12-21 |
| CVE-2025-65035 | GLPI Database Inventory Plugin Vulnerable to Stored Object Injection — databaseinventory | 6.4 | Medium | 2025-12-19 |
| CVE-2025-66524 | Apache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor — Apache NiFi | 7.5 (AI) | High (AI) | 2025-12-19 |
| CVE-2025-34449 | Genymobile/scrcpy <= 3.3.3 Global Buffer Overflow — scrcpy | 8.4 (AI) | High (AI) | 2025-12-18 |
| CVE-2025-64266 | WordPress Booking and Rental Manager plugin <= 2.5.4 - PHP Object Injection vulnerability — Booking and Rental Manager | 9.8 (AI) | Critical (AI) | 2025-12-18 |
| CVE-2025-64233 | WordPress Codiqa theme < 1.2.8 - PHP Object Injection vulnerability — Codiqa | 9.8 (AI) | Critical (AI) | 2025-12-18 |
| CVE-2025-64227 | WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.7 - PHP Object Injection vulnerability — Client Invoicing by Sprout Invoices | 9.8 (AI) | Critical (AI) | 2025-12-18 |
| CVE-2025-64206 | WordPress Jannah theme <= 7.6.0 - PHP Object Injection vulnerability — Jannah | 9.8 (AI) | Critical (AI) | 2025-12-18 |
| CVE-2025-60174 | WordPress WP Gravity Forms Constant Contact plugin plugin <= 1.1.2 - Deserialization of untrusted data vulnerability — WP Gravity Forms Constant Contact Plugin | 8.8 (AI) | High (AI) | 2025-12-18 |
| CVE-2025-60180 | WordPress WP Gravity Forms Salesforce plugin <= 1.5.1 - PHP Object Injection vulnerability — WP Gravity Forms Salesforce | 8.8 (AI) | High (AI) | 2025-12-18 |
| CVE-2025-60091 | WordPress WP Gravity Forms Zoho CRM and Bigin plugin <= 1.2.9 - Deserialization of untrusted data vulnerability — WP Gravity Forms Zoho CRM and Bigin | 9.8 (AI) | Critical (AI) | 2025-12-18 |
| CVE-2025-60178 | WordPress WP Gravity Forms HubSpot plugin <= 1.2.6 - Deserialization of untrusted data vulnerability — WP Gravity Forms HubSpot | 9.8 (AI) | Critical (AI) | 2025-12-18 |
| CVE-2025-60089 | WordPress WP Gravity Forms FreshDesk plugin plugin <= 1.3.5 - Deserialization of untrusted data vulnerability — WP Gravity Forms FreshDesk Plugin | 9.8 (AI) | Critical (AI) | 2025-12-18 |
| CVE-2025-60090 | WordPress WP Gravity Forms Insightly plugin <= 1.1.6 - Deserialization of untrusted data vulnerability — WP Gravity Forms Insightly | 8.8 (AI) | High (AI) | 2025-12-18 |
| CVE-2025-60083 | WordPress PDF Invoice Builder for WooCommerce plugin <= 6.5.0 - Deserialization of untrusted data vulnerability — PDF Invoice Builder for WooCommerce | 9.8 (AI) | Critical (AI) | 2025-12-18 |
| CVE-2025-60084 | WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.5.0 - PHP Object Injection vulnerability — PDF for Elementor Forms + Drag And Drop Template Builder | 8.8 | High | 2025-12-18 |
| CVE-2025-60081 | WordPress PDF for Contact Form 7 plugin <= 6.5.0 - Deserialization of untrusted data vulnerability — PDF for Contact Form 7 | 9.8 (AI) | Critical (AI) | 2025-12-18 |
| CVE-2025-60082 | WordPress PDF for WPForms plugin <= 6.5.0 - Deserialization of untrusted data vulnerability — PDF for WPForms | 9.8 (AI) | Critical (AI) | 2025-12-18 |
| CVE-2025-60080 | WordPress PDF for Gravity Forms + Drag And Drop Template Builder plugin <= 6.5.0 - PHP Object Injection vulnerability — PDF for Gravity Forms + Drag And Drop Template Builder | 9.8 (AI) | Critical (AI) | 2025-12-18 |
| CVE-2025-54723 | WordPress DentiCare Theme < 1.4.3 - PHP Object Injection Vulnerability — DentiCare | 9.8 (AI) | Critical (AI) | 2025-12-18 |
| CVE-2025-33210 | NVIDIA Isaac Lab Code Issue Vulnerability — Isaac Lab | 9.0 | Critical | 2025-12-16 |
| CVE-2025-33226 | NVIDIA Nemo Framework Code Issue Vulnerability — NeMo Framework | 7.8 | High | 2025-12-16 |
| CVE-2025-33212 | NVIDIA Nemo Framework Code Issue Vulnerability — NeMo Framework | 7.3 | High | 2025-12-16 |
| CVE-2025-9121 | Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data — Pentaho Data Integration and Analytics | 8.8 | High | 2025-12-15 |
| CVE-2025-14606 | tiny-rdm Tiny RDM Pickle Decoding pickle_convert.go pickle.loads deserialization — Tiny RDM | 5.0 | Medium | 2025-12-13 |
| CVE-2025-14476 | Doubly <= 1.0.46 - Authenticated (Subscriber+) PHP Object Injection via ZIP File Import — Doubly – Cross Domain Copy Paste for WordPress | 8.8 | High | 2025-12-13 |
| CVE-2025-26866 | Apache HugeGraph-Server: RAFT and deserialization vulnerability — Apache HugeGraph-Server | 8.8 (AI) | High (AI) | 2025-12-12 |
| CVE-2025-14044 | Visitor Logic Lite <= 1.0.3 - Unauthenticated PHP Object Injection via 'lpblocks' Cookie — Visitor Logic Lite | 8.1 | High | 2025-12-12 |

1676 CVEs are classified as CWE-502 (Deserialization of Untrusted Data). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.