
CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1677

1677 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-27985 | WordPress PropertyHive plugin <= 2.0.9 - PHP Object Injection vulnerability — PropertyHive | 5.4 | Medium | 2024-03-21 |
| CVE-2024-29032 | `qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code — qiskit-ibm-runtime | 5.3 | Medium | 2024-03-20 |
| CVE-2024-1856 | Progress Telerik Reporting Remote Deserialization Vulnerability — Telerik Reporting | 8.5 | High | 2024-03-20 |
| CVE-2024-1801 | Progress Telerik Reporting Local Deserialization Vulnerability — Telerik Reporting | 7.7 | High | 2024-03-20 |
| CVE-2024-1800 | Progress Telerik Report Server Deserialization — Telerik Report Server | 9.9 | Critical | 2024-03-20 |
| CVE-2024-2721 | WordPress Social Media Share Buttons plugin <= 2.1.0 - PHP Object Injection vulnerability — Social Media Share Buttons | 8.2 | High | 2024-03-20 |
| CVE-2024-29136 | WordPress Tourfic plugin <= 2.11.17 - PHP Object Injection vulnerability — Tourfic | 8.5 | High | 2024-03-19 |
| CVE-2024-2229 | Schneider Electric EcoStruxure Power Design code issue vulnerability — EcoStruxure Power Design - Ecodial | 7.8 | High | 2024-03-18 |
| CVE-2024-1685 | Social Media Share Buttons <= 2.1.0 - Authenticated (Subscriber+) PHP Object Injection — Social Media Share Buttons | 8.8 | High | 2024-03-16 |
| CVE-2024-28859 | Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency — symfony1 | 5.0 | Medium | 2024-03-15 |
| CVE-2024-1950 | Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.7 - Authenticated(Contributor+) PHP Object Injection — Product Carousel Slider & Grid Ultimate for WooCommerce | 7.5 | High | 2024-03-13 |
| CVE-2024-1951 | Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid <= 1.3.8 - Authenticated(Contributor+) PHP Object Injection — Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid | 7.5 | High | 2024-03-13 |
| CVE-2024-2006 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.7 - Authenticated (Contributor+) PHP Object Injection in outpost_shortcode_metabox_markup — Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget | 8.8 | High | 2024-03-13 |
| CVE-2024-1772 | Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Authenticated (Contributor+) PHP Object Injection — Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio | 8.8 | High | 2024-03-13 |
| CVE-2024-1773 | PDF Invoices and Packing Slips For WooCommerce <= 1.3.7 - Authenticated (Subscriber+) PHP Object Injection — PDF Invoices and Packing Slips For WooCommerce | 8.8 | High | 2024-03-07 |
| CVE-2024-28213 | nGrinder security vulnerability — nGrinder | 9.8 (AI) | Critical (AI) | 2024-03-07 |
| CVE-2024-28212 | nGrinder security vulnerability — nGrinder | 9.8 (AI) | Critical (AI) | 2024-03-07 |
| CVE-2024-28211 | nGrinder security vulnerability — nGrinder | 9.8 (AI) | Critical (AI) | 2024-03-07 |
| CVE-2024-26580 | Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability — Apache InLong | 9.1 (AI) | Critical (AI) | 2024-03-06 |
| CVE-2024-2054 | Artica Proxy Unauthenticated PHP Deserialization Vulnerability — Artica Proxy | 9.8 | - | 2024-03-05 |
| CVE-2024-0825 | Vimeography: Vimeo Video Gallery WordPress Plugin <= 2.3.2 - Authenticated (Contributor+) PHP Object Injection — Vimeography: Vimeo Video Gallery WordPress Plugin | 8.8 | High | 2024-03-05 |
| CVE-2024-1731 | Auto Refresh Single Page <= 1.1 - Authenticated (Contributor+) PHP Object Injection — Auto Refresh Single Page | 8.8 | High | 2024-03-05 |
| CVE-2024-0692 | SolarWinds Security Event Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability — Security Event Manager | 8.8 | High | 2024-03-01 |
| CVE-2024-1859 | Slider Responsive Slideshow – Image slider, Gallery slideshow <= 1.3.8 - Authenticated (Contributor+) PHP Object Injection — Responsive Slideshow | 8.8 | High | 2024-03-01 |
| CVE-2023-51518 | Apache James server: Privilege escalation via JMX pre-authentication deserialisation — Apache James server | 7.8 | - | 2024-02-27 |
| CVE-2024-1750 | TemmokuMVC Image Download images_get_down.php img_replace deserialization — TemmokuMVC | 5.6 | Medium | 2024-02-22 |
| CVE-2024-1748 | van_der_Schaar LAB AutoPrognosis Release Note load_model_from_file deserialization — AutoPrognosis | 5.0 | Medium | 2024-02-22 |
| CVE-2023-51389 | HertzBeat SnakeYAML Deser RCE — hertzbeat | 9.8 | Critical | 2024-02-22 |
| CVE-2024-23114 | Apache Camel: Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository — Apache Camel | 9.8 | - | 2024-02-20 |
| CVE-2024-22369 | Apache Camel: Camel-SQL: Unsafe Deserialization from JDBCAggregationRepository — Apache Camel | 9.8 | - | 2024-02-20 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1677 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.