
CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1676

1676 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-48134 | WordPress WP Tabs plugin <= 2.2.12 - PHP Object Injection Vulnerability — WP Tabs | 7.2 | High | 2025-05-16 |
| CVE-2025-4742 | XU-YIJIE grpo-flat grpo_vanilla.py main deserialization — grpo-flat | 5.3 | Medium | 2025-05-16 |
| CVE-2025-4740 | BeamCtrl Airiana coef deserialization — Airiana | 5.3 | Medium | 2025-05-16 |
| CVE-2025-47784 | Emlog vulnerable to Deserialization of Untrusted Data — emlog | 7.3 (AI) | High (AI) | 2025-05-15 |
| CVE-2025-4701 | VITA-MLLM Freeze-Omni utils.py torch.load deserialization — Freeze-Omni | 5.3 | Medium | 2025-05-15 |
| CVE-2025-47292 | Cap Collectif vulnerable to insecure deserialization leading to remote code execution — cap-collectif | 9.8 (AI) | Critical (AI) | 2025-05-14 |
| CVE-2025-3623 | Uncanny Automator <= 6.4.0.1 - Unauthenticated PHP Object Injection in automator_api_decode_message Function — Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin | 9.1 | Critical | 2025-05-14 |
| CVE-2025-30384 | Microsoft SharePoint Server Remote Code Execution Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 7.4 | High | 2025-05-13 |
| CVE-2025-30382 | Microsoft SharePoint Server Remote Code Execution Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 7.8 | High | 2025-05-13 |
| CVE-2025-30378 | Microsoft SharePoint Server Remote Code Execution Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 7.0 | High | 2025-05-13 |
| CVE-2025-42999 | Insecure Deserialization in SAP NetWeaver (Visual Composer development server) — SAP NetWeaver (Visual Composer development server) | 9.1 | Critical | 2025-05-13 |
| CVE-2025-30012 | Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit) — SAP Supplier Relationship Management (Live Auction Cockpit) | 10.0 | Critical | 2025-05-13 |
| CVE-2025-46738 | Deserialization of Untrusted Data — SEL-5033 acSELerator RTAC Software | 6.6 | Medium | 2025-05-12 |
| CVE-2025-47732 | Microsoft Dataverse Remote Code Execution Vulnerability — Microsoft Dataverse | 8.7 | High | 2025-05-08 |
| CVE-2025-47683 | WordPress WP Maintenance plugin <= 6.1.9.7 - PHP Object Injection Vulnerability — WP Maintenance | 7.2 | High | 2025-05-07 |
| CVE-2025-47629 | WordPress WP-CRM System plugin <= 3.4.5 - PHP Object Injection vulnerability — WP-CRM System | 7.2 | High | 2025-05-07 |
| CVE-2025-0855 | PGS Core <= 5.8.0 - Unauthenticated PHP Object Injection — PGS Core | 9.8 | Critical | 2025-05-06 |
| CVE-2025-30165 | Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration — vllm | 8.0 | High | 2025-05-06 |
| CVE-2025-43852 | GHSL-2025-022_Retrieval-based-Voice-Conversion-WebUI — Retrieval-based-Voice-Conversion-WebUI | 9.8 (AI) | Critical (AI) | 2025-05-05 |
| CVE-2025-43851 | GHSL-2025-021_Retrieval-based-Voice-Conversion-WebUI — Retrieval-based-Voice-Conversion-WebUI | 9.8 (AI) | Critical (AI) | 2025-05-05 |
| CVE-2025-43850 | GHSL-2025-020_Retrieval-based-Voice-Conversion-WebUI — Retrieval-based-Voice-Conversion-WebUI | 9.8 (AI) | Critical (AI) | 2025-05-05 |
| CVE-2025-43849 | GHSL-2025-019_Retrieval-based-Voice-Conversion-WebUI — Retrieval-based-Voice-Conversion-WebUI | 9.8 (AI) | Critical (AI) | 2025-05-05 |
| CVE-2025-43848 | GHSL-2025-018_Retrieval-based-Voice-Conversion-WebUI — Retrieval-based-Voice-Conversion-WebUI | 9.8 (AI) | Critical (AI) | 2025-05-05 |
| CVE-2025-43847 | GHSL-2025-017_Retrieval-based-Voice-Conversion-WebUI — Retrieval-based-Voice-Conversion-WebUI | 9.8 (AI) | Critical (AI) | 2025-05-05 |
| CVE-2025-43846 | GHSL-2025-016_Retrieval-based-Voice-Conversion-WebUI — Retrieval-based-Voice-Conversion-WebUI | 9.8 (AI) | Critical (AI) | 2025-05-05 |
| CVE-2025-4260 | zhangyanbo2007 youkefu TemplateController.java impsave deserialization — youkefu | 4.3 | Medium | 2025-05-05 |
| CVE-2025-46567 | LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py — LLaMA-Factory | 6.1 | Medium | 2025-05-01 |
| CVE-2025-23254 | NVIDIA TensorRT-LLM code issue vulnerability — TensorRT-LLM | 8.8 | High | 2025-05-01 |
| CVE-2025-32444 | vLLM Vulnerable to Remote Code Execution via Mooncake Integration — vllm | 10.0 | Critical | 2025-04-30 |
| CVE-2025-34491 | GFI MailEssentials < 21.8 MultiNode Insecure Deserialization — MailEssentials | 8.8 | High | 2025-04-28 |

1676 CVEs are classified as CWE-502 (Deserialization of Untrusted Data). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.