CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1677

1677 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-31129 | jooby-pac4j: deserialization of untrusted data — jooby | 8.8 | High | 2025-03-31 |
| CVE-2025-31103 | appleple a-blog cms code issue vulnerability — a-blog cms (Ver.3.1.x series) | 9.8 | - | 2025-03-31 |
| CVE-2025-22526 | WordPress PHP/MySQL CPU performance statistics Plugin <= 1.2.1 - PHP Object Injection vulnerability — PHP/MySQL CPU performance statistics | 9.8 | Critical | 2025-03-28 |
| CVE-2025-2485 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion — Drag and Drop Multiple File Upload for Contact Form 7 | 7.5 | High | 2025-03-28 |
| CVE-2025-26873 | WordPress Traveler theme <= 3.1.8 - PHP Object Injection vulnerability — Traveler | 9.0 | Critical | 2025-03-27 |
| CVE-2025-2855 | elunez eladmin upload checkFile deserialization — eladmin | 4.7 | Medium | 2025-03-27 |
| CVE-2025-30773 | WordPress TranslatePress plugin <= 2.9.6 - PHP Object Injection Vulnerability — TranslatePress | 7.2 | High | 2025-03-27 |
| CVE-2025-2332 | Export All Posts, Products, Orders, Refunds & Users <= 2.13 - Unauthenticated PHP Object Injection — Export All Posts, Products, Orders, Refunds & Users | 9.8 | Critical | 2025-03-27 |
| CVE-2025-1913 | Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter — Product Import Export for WooCommerce – Import Export Product CSV Suite | 7.2 | High | 2025-03-26 |
| CVE-2024-13889 | WordPress Importer <= 0.8.3 - Authenticated (Administrator+) PHP Object Injection — WordPress Importer | 7.2 | High | 2025-03-26 |
| CVE-2025-2690 | yiisoft Yii2 MockClass.php generate deserialization — Yii2 | 6.3 | Medium | 2025-03-24 |
| CVE-2025-2689 | yiisoft Yii2 SortableIterator.php getIterator deserialization — Yii2 | 6.3 | Medium | 2025-03-24 |
| CVE-2025-2622 | aizuda snail-job Workflow-Task Management Module check-node-expression getRuntime deserialization — snail-job | 6.3 | Medium | 2025-03-22 |
| CVE-2025-1971 | Export and Import Users and Customers <= 2.6.2 - Authenticated (Admin+) PHP Object Injection via form_data Parameter — Export and Import Users and Customers | 7.2 | High | 2025-03-22 |
| CVE-2025-0724 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection — ProfileGrid – User Profiles, Groups and Communities | 8.8 | High | 2025-03-22 |
| CVE-2025-29807 | Microsoft Dataverse Remote Code Execution Vulnerability — Microsoft Dataverse | 8.7 | High | 2025-03-21 |
| CVE-2024-13921 | Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter — Order Export & Order Import for WooCommerce | 7.2 | High | 2025-03-20 |
| CVE-2024-11041 | Remote Code Execution in vllm-project/vllm — vllm-project/vllm | 9.8 | - | 2025-03-20 |
| CVE-2024-9070 | Deserialization Vulnerability in BentoML's Runner Server in bentoml/bentoml — bentoml/bentoml | 9.8 | - | 2025-03-20 |
| CVE-2024-12433 | Remote Code Execution in infiniflow/ragflow — infiniflow/ragflow | 9.8 | - | 2025-03-20 |
| CVE-2024-9701 | Remote Code Execution in kedro-org/kedro — kedro-org/kedro | 9.8 | - | 2025-03-20 |
| CVE-2024-12044 | Remote Code Execution by Pickle Deserialization in open-mmlab/mmdetection — open-mmlab/mmdetection | 9.8 | - | 2025-03-20 |
| CVE-2024-11039 | Deserialization of Untrusted Data in binary-husky/gpt_academic — binary-husky/gpt_academic | 8.8 | - | 2025-03-20 |
| CVE-2024-10190 | Unauthenticated Remote Code Execution in ElasticRendezvousHandler in horovod/horovod — horovod/horovod | 9.8 | - | 2025-03-20 |
| CVE-2024-8502 | Remote Code Execution via Deserialization in modelscope/agentscope — modelscope/agentscope | 9.8 | - | 2025-03-20 |
| CVE-2024-9053 | Remote Code Execution in vllm-project/vllm — vllm-project/vllm | 9.8 | - | 2025-03-20 |
| CVE-2024-10553 | Jdbc Deserialization in h2oai/h2o-3 — h2oai/h2o-3 | 9.8 | - | 2025-03-20 |
| CVE-2024-12029 | Remote Code Execution via Model Deserialization in invoke-ai/invokeai — invoke-ai/invokeai | 8.8 | - | 2025-03-20 |
| CVE-2024-47552 | Apache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server — Apache Seata (incubating) | 9.8 | - | 2025-03-20 |
| CVE-2025-27778 | Applio allows unsafe deserialization in infer.py — Applio | 9.8 | - | 2025-03-19 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1677 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.