CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1676

1676 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-34394 | Barracuda RMM < 2025.1.1 Service Center .NET Remoting Deserialization RCE — RMM | 9.8 (AI) | Critical (AI) | 2025-12-10 |
| CVE-2025-9571 | Arbitrary Code Execution in Google Cloud Data Fusion via Malicious Artifact Upload — Cloud Data Fusion | 8.8 (AI) | High (AI) | 2025-12-10 |
| CVE-2025-61810 | ColdFusion \| Deserialization of Untrusted Data (CWE-502) — ColdFusion | 8.4 | High | 2025-12-09 |
| CVE-2025-66214 | Ladybug has an XMLDecoder Deserialization Vulnerability (Java RCE) — ladybug | 7.0 | High | 2025-12-09 |
| CVE-2025-34414 | Entrust Instant Financial Issuance (IFI) Legacy Remoting Service .NET Remoting RCE — Instant Financial Issuance (IF) | 9.1 (AI) | Critical (AI) | 2025-12-09 |
| CVE-2025-33214 | NVIDIA NVTabular Code Issue Vulnerability — NVTabular | 8.8 | High | 2025-12-09 |
| CVE-2025-33213 | NVIDIA Merlin Transformers4Rec Code Issue Vulnerability — Merlin Transformers4Rec | 8.8 | High | 2025-12-09 |
| CVE-2025-67535 | WordPress WP Maps plugin <= 4.8.6 - PHP Object Injection vulnerability — WP Maps | 6.6 | Medium | 2025-12-09 |
| CVE-2025-66631 | CSLA .NET is vulnerable to Remote Code Execution via WcfProxy — csla | 9.8 (AI) | Critical (AI) | 2025-12-09 |
| CVE-2025-42928 | Deserialization Vulnerability in SAP jConnect - SDK for ASE — SAP jConnect - SDK for ASE | 9.1 | Critical | 2025-12-09 |
| CVE-2025-66571 | UNA CMS 9.0.0-RC1 - 14.0.0-RC4 PHP Object Injection — UNA CMS | 9.8 (AI) | Critical (AI) | 2025-12-04 |
| CVE-2025-41700 | CODESYS Development System - Deserialization of Untrusted Data — CODESYS Development System | 7.8 | High | 2025-12-01 |
| CVE-2025-13805 | nutzam NutzBoot LiteRpc-Serializer HttpServletRpcEndpoint.java getInputStream deserialization — NutzBoot | 3.7 | Low | 2025-12-01 |
| CVE-2025-9191 | Houzez <= 4.1.6 - Authenticated (Subscriber+) PHP Object Injection via Saved Search — Houzez | 6.3 | Medium | 2025-11-26 |
| CVE-2025-62703 | Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer — fugue | 8.8 | High | 2025-11-25 |
| CVE-2025-13467 | Org.keycloak.storage.ldap: keycloak: deserialization of untrusted data in ldap user federation — Keycloak | 5.5 | Medium | 2025-11-25 |
| CVE-2025-66073 | WordPress WP Webhooks plugin <= 3.3.8 - PHP Object Injection vulnerability — WP Webhooks | 7.2 | High | 2025-11-21 |
| CVE-2025-66055 | WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - PHP Object Injection vulnerability — Email Subscribers & Newsletters | 8.8 | - | 2025-11-21 |
| CVE-2025-59245 | Microsoft SharePoint Online Elevation of Privilege Vulnerability — Microsoft SharePoint Online | 9.8 | Critical | 2025-11-20 |
| CVE-2025-36072 | IBM webMethods Integration Deserialization — webMethods Integration | 8.8 | High | 2025-11-20 |
| CVE-2025-64408 | Apache Causeway: Java deserialization vulnerability to authenticated attackers — Apache Causeway | 8.8 (AI) | High (AI) | 2025-11-19 |
| CVE-2025-13145 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | 7.2 | High | 2025-11-19 |
| CVE-2025-12844 | AI Engine <= 3.1.8 - Authenticated (Subscriber+) PHP Object Injection via PHAR Deserialization — AI Engine – The Chatbot, AI Framework & MCP for WordPress | 7.1 | High | 2025-11-13 |
| CVE-2025-11367 | N-central windows software probe Remote Code Execution — N-central | 9.8 | - | 2025-11-12 |
| CVE-2025-62204 | Microsoft SharePoint Remote Code Execution Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 8.0 | High | 2025-11-11 |
| CVE-2025-64512 | pdfminer.six vulnerable to Arbitrary Code Execution via Crafted PDF Input — pdfminer.six | 8.6 | High | 2025-11-10 |
| CVE-2025-12099 | Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.3.8 - Authenticated (Administrator+) PHP Object Injection via 'import_all_courses' — Academy LMS – WordPress LMS Plugin for Complete eLearning Solution | 7.2 | High | 2025-11-08 |
| CVE-2025-64439 | LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer — langgraph | 8.8 | - | 2025-11-07 |
| CVE-2025-62035 | WordPress Togo theme < 1.0.4 - PHP Object Injection vulnerability — Togo | 9.8 | - | 2025-11-06 |
| CVE-2025-60245 | WordPress WP User Manager plugin <= 2.9.12 - PHP Object Injection vulnerability — WP User Manager | 9.8 | - | 2025-11-06 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1676 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.