
CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1677

1677 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-36825 | Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution — platform | 9.7 | Critical | 2023-07-11 |
| CVE-2023-33160 | Microsoft SharePoint Server Remote Code Execution Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 8.8 | High | 2023-07-11 |
| CVE-2023-33134 | Microsoft SharePoint Server Remote Code Execution Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 8.8 | High | 2023-07-11 |
| CVE-2023-35317 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability — Windows Server 2019 | 7.8 | High | 2023-07-11 |
| CVE-2023-34347 | Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data — Infrasuite Device Master | 9.8 | Critical | 2023-07-10 |
| CVE-2023-33008 | Apache Johnzon: Prevent inefficient internal conversion from BigDecimal at large scale — Apache Johnzon | 7.5 | - | 2023-07-07 |
| CVE-2023-31222 | Medtronic Paceart MSMQ Deserialization of Untrusted Data — Paceart Optima | 9.8 | Critical | 2023-06-29 |
| CVE-2023-33299 | Fortinet FortiNAC code issue vulnerability — FortiNAC | 9.6 | Critical | 2023-06-23 |
| CVE-2023-3308 | whaleal IceFrog Aviator Template Engine deserialization — IceFrog | 5.5 | Medium | 2023-06-18 |
| CVE-2023-32031 | Microsoft Exchange Server Remote Code Execution Vulnerability — Microsoft Exchange Server 2019 Cumulative Update 12 | 8.8 | High | 2023-06-14 |
| CVE-2023-28310 | Microsoft Exchange Server Remote Code Execution Vulnerability — Microsoft Exchange Server 2016 Cumulative Update 23 | 8.0 | High | 2023-06-14 |
| CVE-2023-3001 | Schneider Electric IGSS code issue vulnerability — IGSS Dashboard (DashBoard.exe) | 7.8 | High | 2023-06-14 |
| CVE-2023-3234 | Zhong Bang CRMEB PublicController.php put_image deserialization — CRMEB | 4.3 | Medium | 2023-06-14 |
| CVE-2023-3232 | Zhong Bang CRMEB Image Upload app_auth deserialization — CRMEB | 6.3 | Medium | 2023-06-14 |
| CVE-2023-34212 | Apache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components — Apache NiFi | 8.8 | - | 2023-06-12 |
| CVE-2020-36727 | Newsletter Manager <= 1.5.1 - Insecure Deserialization — Newsletter Manager | 9.8 | Critical | 2023-06-07 |
| CVE-2020-36726 | Ultimate Reviews < 2.1.33 - PHP Object Injection — Ultimate Reviews | 9.8 | Critical | 2023-06-07 |
| CVE-2020-36718 | GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection — GDPR CCPA Compliance & Cookie Consent Banner | 9.8 | Critical | 2023-06-07 |
| CVE-2023-33963 | DataEase data source has deserialization vulnerability — dataease | 9.8 | Critical | 2023-06-01 |
| CVE-2023-2500 | Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Authenticated (Subscriber+) PHP Object Injection — Go Pricing - WordPress Responsive Pricing Tables | 8.8 | High | 2023-05-24 |
| CVE-2022-4815 | Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data — Pentaho Business Analytics Server | 8.0 | High | 2023-05-24 |
| CVE-2023-31058 | Apache InLong: JDBC URL bypassing by adding blanks — Apache InLong | 9.8 | - | 2023-05-22 |
| CVE-2023-32336 | IBM InfoSphere Information Server code execution — InfoSphere Information Server | 8.8 | High | 2023-05-22 |
| CVE-2023-30899 | Siemens Siveillance Video Mobile Server code issue vulnerability — Siveillance Video 2020 R2 | 9.9 | Critical | 2023-05-09 |
| CVE-2023-30898 | Siemens Siveillance Video Mobile Server code issue vulnerability — Siveillance Video 2020 R2 | 9.9 | Critical | 2023-05-09 |
| CVE-2023-20853 | aEnrich a+HRD - Deserialization of Untrusted Data — a+HRD | 9.8 | Critical | 2023-04-27 |
| CVE-2023-20852 | aEnrich a+HRD - Deserialization of Untrusted Data — a+HRD | 9.8 | Critical | 2023-04-27 |
| CVE-2023-2141 | Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022 — DELMIA Apriso | 8.5 | High | 2023-04-21 |
| CVE-2023-2042 | DataGear JDBC Server deserialization — DataGear | 6.3 | Medium | 2023-04-14 |
| CVE-2023-29216 | Apache Linkis DatasourceManager module has a deserialization command execution — Apache Linkis | 9.8 | - | 2023-04-10 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1677 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.