CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1677

1677 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-11465 | Custom Product Tabs for WooCommerce <= 1.8.5 - Authenticated (Shop Manager+) PHP Object Injection — Custom Product Tabs for WooCommerce | 7.2 | High | 2025-01-07 |
| CVE-2024-20150 | MediaTek Chipsets security vulnerability — MT2735, MT2737, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6880T, MT6880U, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8863 | 7.5 | - | 2025-01-06 |
| CVE-2024-13136 | wangl1989 mysiteforme ShiroConfig.java rememberMeManager deserialization — mysiteforme | 6.3 | Medium | 2025-01-05 |
| CVE-2024-10957 | UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection — UpdraftPlus: WP Backup & Migration Plugin | 8.8 | High | 2025-01-04 |
| CVE-2024-10932 | Backup Migration <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace' — BackupBliss – Backup & Migration with Free Cloud Storage | 8.8 | High | 2025-01-04 |
| CVE-2024-56068 | WordPress WP SuperBackup plugin <= 2.3.3 - Subscriber+ PHP Object Injection vulnerability — WP SuperBackup | 7.5 | High | 2024-12-31 |
| CVE-2024-12994 | running-elephant Datart File Upload import extractModel deserialization — Datart | 6.3 | Medium | 2024-12-28 |
| CVE-2024-52046 | Apache MINA: MINA applications using unbounded deserialization may allow RCE — Apache MINA | 9.8 | - | 2024-12-25 |
| CVE-2024-12721 | Custom Product Tabs For WooCommerce <= 1.2.4 - Authenticated (Shop Manager+) PHP Object Injection — Custom Product tabs for WooCommerce | 7.2 | High | 2024-12-21 |
| CVE-2024-12677 | Delta Electronics DTM Soft Deserialization of Untrusted Data — DTM Soft | 7.8 | High | 2024-12-20 |
| CVE-2024-12741 | Deserialization Of Untrusted Data Vulnerability In NI DAQExpress Project File — DAQExpress | 7.8 | High | 2024-12-18 |
| CVE-2024-56058 | WordPress VRPConnector plugin <= 2.0.1 - PHP Object Injection vulnerability — VRPConnector | 9.8 | Critical | 2024-12-18 |
| CVE-2024-12687 | Insecure YAML Deserialization — PlexTrac | 9.8 | - | 2024-12-16 |
| CVE-2024-10095 | Progress UI for WPF format provider unsafe deserialization vulnerability — Telerik UI for WPF | 8.4 | High | 2024-12-16 |
| CVE-2024-54367 | WordPress ForumWP plugin <= 2.1.0 - PHP Object Injection vulnerability — ForumWP | 9.8 | Critical | 2024-12-16 |
| CVE-2024-54282 | WordPress WP Mega Menu plugin <= 1.4.2 - PHP Object Injection vulnerability — WP Mega Menu | 7.2 | High | 2024-12-13 |
| CVE-2024-54273 | WordPress Mail Picker plugin <= 1.0.14 - PHP Object Injection vulnerability — Mail Picker | 9.8 | Critical | 2024-12-13 |
| CVE-2024-11839 | Insecure Deserialization via Runbooks Imports — PlexTrac | 9.8 | - | 2024-12-13 |
| CVE-2024-49147 | Microsoft Update Catalog Elevation of Privilege Vulnerability — Microsoft Update Catalog | 9.3 | Critical | 2024-12-12 |
| CVE-2024-12312 | Print Science Designer <= 1.3.152 - Unauthenticated PHP Object Injection — Print Science Designer | 8.1 | High | 2024-12-12 |
| CVE-2024-11949 | GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability — Archiver | 8.8 | - | 2024-12-11 |
| CVE-2024-11947 | GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability — Archiver | 8.8 | - | 2024-12-11 |
| CVE-2024-53247 | Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway app — Splunk Enterprise | 8.8 | High | 2024-12-10 |
| CVE-2024-49063 | Microsoft/Muzic Remote Code Execution Vulnerability — Muzic | 8.4 | High | 2024-12-10 |
| CVE-2024-49070 | Microsoft SharePoint Remote Code Execution Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 7.4 | High | 2024-12-10 |
| CVE-2024-49849 | Siemens SIMATIC WinCC and Siemens SIMATIC STEP code issue vulnerability — SIMATIC S7-PLCSIM V16 | 7.8 | High | 2024-12-10 |
| CVE-2024-11501 | Gallery <= 1.3 - Authenticated (Contributor+) PHP Object Injection — Gallery | 8.8 | High | 2024-12-07 |
| CVE-2024-54135 | Untrusted Deserialization in ClipBucket-v5 Version 2.0 to 5.5.1 Revision 199 — clipbucket-v5 | 9.8 | Critical | 2024-12-06 |
| CVE-2024-54136 | Untrusted Deserialization in ClipBucket-v5 Version 5.5.1 Revision 199 and Below — clipbucket-v5 | 9.8 | Critical | 2024-12-06 |
| CVE-2022-41137 | Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore — Apache Hive | 8.8 | - | 2024-12-05 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1677 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.