
CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1677

1677 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-3536 | Role Based Pricing for WooCommerce < 1.6.3 - Subscriber+ PHAR Deserialization — Role Based Pricing for WooCommerce | 8.8 | - | 2022-11-07 |
| CVE-2022-43567 | Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature — Splunk Enterprise | 8.8 | High | 2022-11-04 |
| CVE-2022-39379 | Fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration) — fluentd | 3.1 | Low | 2022-11-02 |
| CVE-2022-41779 | Delta Electronics InfraSuite Device Master Code Issue Vulnerability — InfraSuite Device Master | 8.8 | High | 2022-10-31 |
| CVE-2022-38142 | Delta Electronics InfraSuite Device Master Code Issue Vulnerability — InfraSuite Device Master | 9.8 | Critical | 2022-10-31 |
| CVE-2022-3334 | Easy WP SMTP < 1.5.0 - Admin+ PHP Objection Injection — Easy WP SMTP | 7.2 | - | 2022-10-31 |
| CVE-2022-3357 | Smart Slider 3 < 3.5.1.11 - PHP Object Injection — Smart Slider 3 | 9.8 | - | 2022-10-31 |
| CVE-2022-3360 | LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API — LearnPress – WordPress LMS Plugin | 8.1 | - | 2022-10-31 |
| CVE-2022-3366 | PublishPress Capabilities < 2.5.2 - Admin+ PHP Objection Injection — PublishPress Capabilities – User Role Access, Editor Permissions, Admin Menus | 7.2 | - | 2022-10-31 |
| CVE-2022-3374 | Ocean Extra < 2.0.5 - Admin+ PHP Objection Injection — Ocean Extra | 7.2 | - | 2022-10-31 |
| CVE-2022-3380 | Customizer Export/Import < 0.9.5 - Admin+ PHP Objection Injection — Customizer Export/Import | 7.2 | - | 2022-10-31 |
| CVE-2022-40238 | A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5 — VINCE - The Vulnerability Information and Coordination Environment | 8.0 | - | 2022-10-26 |
| CVE-2022-3335 | Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection — Kadence WooCommerce Email Designer | 7.2 | - | 2022-10-25 |
| CVE-2022-38108 | SolarWinds Platform Deserialization of Untrusted Data — SolarWinds Platform | 7.2 | High | 2022-10-20 |
| CVE-2022-36958 | SolarWinds Platform Deserialization of Untrusted Data — SolarWinds Platform | 8.8 | High | 2022-10-20 |
| CVE-2022-36957 | SolarWinds Platform Deserialization of Untrusted Data — SolarWinds Platform | 7.2 | High | 2022-10-20 |
| CVE-2022-23734 | Deserialization of Untrusted Data vulnerability in GitHub Enterprise Server leading to Remote Code Execution — GitHub Enterprise Server | 8.8 | - | 2022-10-19 |
| CVE-2022-39198 | Apache Dubbo Hession Deserialization Vulnerability Gadgets Bypass — Apache Dubbo | 9.8 | - | 2022-10-18 |
| CVE-2022-39311 | Compromised agents may be able to execute remote code on GoCD Server — gocd | 9.1 | Critical | 2022-10-14 |
| CVE-2022-39297 | Deserialization of untrusted data in MelisCms — melis-cms | 7.7 | High | 2022-10-12 |
| CVE-2022-39298 | Deserialization of untrusted data in MelisFront — melis-front | 7.7 | High | 2022-10-12 |
| CVE-2022-39256 | Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution. — C1-CMS-Foundation | 9.0 | Critical | 2022-09-27 |
| CVE-2022-2903 | NinjaForms < 3.6.13 - Admin+ PHP Objection Injection — Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress | 7.2 | - | 2022-09-26 |
| CVE-2022-40955 | Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC — Apache InLong | 8.8 | - | 2022-09-20 |
| CVE-2022-36038 | CircuitVerse potential RCE vulnerability via Oj.load — CircuitVerse | 8.8 | High | 2022-09-06 |
| CVE-2022-2434 | String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization — String locator | 8.8 | High | 2022-09-06 |
| CVE-2022-2436 | Download Manager <= 3.2.49 - Authenticated (Contributor+) PHAR Deserialization — Download Manager | 8.8 | High | 2022-09-06 |
| CVE-2022-2438 | Broken Link Checker <= 1.11.16 - Authenticated (Admin+) PHAR Deserialization — Broken Link Checker | 7.2 | High | 2022-09-06 |
| CVE-2022-2442 | Migration, Backup, Staging – WPvivid <= 0.9.74 - Authenticated (Admin+) PHAR Deserialization — WPvivid — Backup, Migration & Staging | 7.2 | High | 2022-09-06 |
| CVE-2022-2433 | WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization — Ajax Load More – Infinite Scroll, Load More, & Lazy Load | 7.5 | High | 2022-09-06 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1677 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.