CWE-502 (可信数据的反序列化) — Vulnerability Class 1676

1676 vulnerabilities classified as CWE-502 (可信数据的反序列化). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-61765	python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments — python-socketio	6.4	Medium	2025-10-06
CVE-2023-49886	IBM Transformation Extender Advanced code execution — Transformation Extender Advanced	9.8	Critical	2025-10-06
CVE-2025-11273	LaChatterie Verger provider.ts redirectToAuthorization deserialization — Verger	6.3	Medium	2025-10-04
CVE-2025-61677	DataChain: Deserialization of Untrusted Data from Environment Variables — datachain	2.5	Low	2025-10-03
CVE-2025-61622	Apache Fory, Apache Fory: Python RCE via unguarded pickle fallback serializer in pyfory — Apache Fory	9.8^AI	Critical^AI	2025-10-01
CVE-2025-11135	pmTicket Project-Management-Software Cookie class.database.php loadLanguage deserialization — Project-Management-Software	7.3	High	2025-09-29
CVE-2025-10975	GuanxingLu vlarl ZeroMQ reasoning_server.py run_reasoning_server deserialization — vlarl	6.3	Medium	2025-09-25
CVE-2025-10974	giantspatula SewKinect Endpoint calculate pickle.loads deserialization — SewKinect	6.3	Medium	2025-09-25
CVE-2025-10965	LazyAGI LazyLLM server.py lazyllm_call deserialization — LazyLLM	6.3	Medium	2025-09-25
CVE-2025-10950	geyang ml-logger Ping server.py log_handler deserialization — ml-logger	6.3	Medium	2025-09-25
CVE-2025-48459	Apache IoTDB: Deserialization of untrusted Data — Apache IoTDB	9.8^AI	Critical^AI	2025-09-24
CVE-2025-26399	SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability — Web Help Desk	9.8	Critical	2025-09-23
CVE-2025-53465	WordPress GSheets Connector Plugin <= 1.1.1 - PHP Object Injection Vulnerability — GSheets Connector	7.2	High	2025-09-22
CVE-2025-57919	WordPress ConveyThis plugin <= 269.1 - PHP Object Injection vulnerability — ConveyThis	7.2	High	2025-09-22
CVE-2025-58662	WordPress Awesome Support plugin <= 6.3.5 - Deserialization of untrusted data vulnerability — Awesome Support	7.2	High	2025-09-22
CVE-2025-10771	jeecgboot JimuReport DB2 JDBC testConnection deserialization — JimuReport	6.3	Medium	2025-09-21
CVE-2025-10770	jeecgboot JimuReport MySQL JDBC testConnection deserialization — JimuReport	6.3	Medium	2025-09-21
CVE-2025-10769	h2oai h2o-3 H2 JDBC Driver ImportSQLTable deserialization — h2o-3	6.3	Medium	2025-09-21
CVE-2025-10768	h2oai h2o-3 IBMDB2 JDBC Driver ImportSQLTable deserialization — h2o-3	6.3	Medium	2025-09-21
CVE-2025-6544	Deserialization Vulnerability in h2oai/h2o-3 — h2oai/h2o-3	9.8^AI	Critical^AI	2025-09-21
CVE-2025-9906	Arbitrary Code execution in Keras Safe Mode — Keras	8.8	-	2025-09-19
CVE-2025-59713	Snipe-IT 代码问题漏洞 — Snipe-IT	6.8	Medium	2025-09-19
CVE-2025-10492	Jaspersoft Library Deserialisation Vulnerability — JasperReports Library Community Edition	9.8^AI	Critical^AI	2025-09-16
CVE-2025-59050	Greenshot — Insecure .NET deserialization via WM_COPYDATA enables local code execution — greenshot	8.4	High	2025-09-16
CVE-2025-59328	Apache Fory: Denial of Service (DoS) due to Deserialization of Untrusted malicious large Data — Apache Fory	7.5^AI	High^AI	2025-09-15
CVE-2025-58748	Dataease H2 data source JDBC URL validation bypass leads to remote code execution — dataease	9.8^AI	Critical^AI	2025-09-15
CVE-2025-58046	Dataease has a JDBC attack vulnerability in the Impala datasource — dataease	9.8^AI	Critical^AI	2025-09-15
CVE-2025-10433	1Panel-dev MaxKB debug deserialization — MaxKB	6.3	Medium	2025-09-15
CVE-2025-10252	SEAT Queue Ticket Kiosk Java RMI Registry deserialization — Queue Ticket Kiosk	3.1	Low	2025-09-11
CVE-2025-10164	lmsys sglang update_weights_from_tensor main deserialization — sglang	7.3	High	2025-09-09

Vulnerabilities classified as CWE-502 (可信数据的反序列化) represent 1676 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-502 (可信数据的反序列化) — Vulnerability Class 1676