CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1677

1677 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-12600 | Custom Product Tabs Lite for WooCommerce <= 1.9.0 - Authenticated (Shop Manager+) PHP Object Injection — Custom Product Tabs Lite for WooCommerce | 7.2 | High | 2025-01-25 |
| CVE-2025-23006 | SonicWALL SMA1000 code issue vulnerability — SMA1000 | 9.8 | - | 2025-01-23 |
| CVE-2024-31903 | IBM Sterling B2B Integrator Standard Edition code execution — Sterling B2B Integrator Standard Edition | 8.8 | High | 2025-01-22 |
| CVE-2025-23914 | WordPress Muzaara Google Ads Report Plugin <= 3.1 - PHP Object Injection vulnerability — Muzaara Google Ads Report | 9.8 | Critical | 2025-01-22 |
| CVE-2025-23944 | WordPress WOOEXIM Plugin <= 5.0.0 - PHP Object Injection vulnerability — WOOEXIM | 8.8 | High | 2025-01-22 |
| CVE-2025-23932 | WordPress Quick Count Plugin <= 3.00 - PHP Object Injection vulnerability — Quick Count | 9.8 | Critical | 2025-01-22 |
| CVE-2025-0429 | AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms — AI Puffer – Your AI engine for WordPress (formerly AI Power) | 7.2 | High | 2025-01-22 |
| CVE-2025-0428 | AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts — AI Puffer – Your AI engine for WordPress (formerly AI Power) | 7.2 | High | 2025-01-22 |
| CVE-2024-49699 | WordPress ARPrice plugin <= 4.1.3 - PHP Object Injection vulnerability — ARPrice | 8.8 | High | 2025-01-21 |
| CVE-2024-49688 | WordPress ARPrice plugin <= 4.1.3 - Unauthenticated PHP Object Injection vulnerability — ARPrice | 9.8 | Critical | 2025-01-21 |
| CVE-2024-10936 | String Locator <= 2.6.6 - Unauthenticated PHP Object Injection — String locator | 8.8 | High | 2025-01-21 |
| CVE-2025-0586 | aEnrich Technology a+HRD - Insecure Deserialization — a+HRD | 7.2 | High | 2025-01-20 |
| CVE-2024-12703 | Schneider Electric RemoteConnect and SCADAPack code issue vulnerability — RemoteConnect and SCADAPack x70 Utilities | 7.8 | High | 2025-01-17 |
| CVE-2024-56515 | Untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders in Matrix Media Repo — matrix-media-repo | 6.8 | Medium | 2025-01-16 |
| CVE-2025-21364 | Microsoft Excel Security Feature Bypass Vulnerability — Microsoft 365 Apps for Enterprise | 7.8 | High | 2025-01-14 |
| CVE-2025-0465 | AquilaCMS categories deserialization — AquilaCMS | 7.3 | High | 2025-01-14 |
| CVE-2024-13163 | Ivanti EPM code issue vulnerability — Endpoint Manager | 7.8 | High | 2025-01-14 |
| CVE-2025-22777 | WordPress GiveWP Plugin <= 3.19.3 - PHP Object Injection vulnerability — GiveWP | 9.8 | Critical | 2025-01-13 |
| CVE-2024-12877 | GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection — GiveWP – Donation Plugin and Fundraising Platform | 9.8 | Critical | 2025-01-11 |
| CVE-2024-12627 | Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization to Authenticated (Contributor+) PHP Object Injection — Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce | 7.5 | High | 2025-01-11 |
| CVE-2024-13297 | Eloqua - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-063 — Eloqua | 9.8 | - | 2025-01-09 |
| CVE-2024-13296 | Mailjet - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-062 — Mailjet | 9.8 | - | 2025-01-09 |
| CVE-2024-13295 | Node export - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-061 — Node export | 9.8 | - | 2025-01-09 |
| CVE-2024-13288 | Monster Menus - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-052 — Monster Menus | 9.8 | - | 2025-01-09 |
| CVE-2025-22510 | WordPress WC Price History for Omnibus plugin <= 2.1.4 - PHP Object Injection vulnerability — WC Price History for Omnibus | 7.2 | High | 2025-01-09 |
| CVE-2024-54676 | Apache OpenMeetings: Deserialisation of untrusted data in cluster mode — Apache OpenMeetings | 9.8 | - | 2025-01-08 |
| CVE-2024-49222 | WordPress WPGuppy plugin <= 1.1.0 - PHP Object Injection vulnerability — WPGuppy | 9.8 | Critical | 2025-01-07 |
| CVE-2024-56283 | WordPress Locatoraid Store Locator Plugin <= 3.9.50 - PHP Object Injection vulnerability — Locatoraid Store Locator | 8.1 | High | 2025-01-07 |
| CVE-2024-56291 | WordPress PlainInventory – Inventory Management Plugin Plugin <= 3.1.6 - PHP Object Injection vulnerability — PlainInventory | 8.1 | High | 2025-01-07 |
| CVE-2024-12313 | Compare Products for WooCommerce <= 3.2.1 - Unauthenticated PHP Object Injection — Compare Products for WooCommerce | 8.1 | High | 2025-01-07 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1677 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.