Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-502 (可信数据的反序列化) — Vulnerability Class 1668

1668 vulnerabilities classified as CWE-502 (可信数据的反序列化). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-2599 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv' — Database for Contact Form 7, WPforms, Elementor forms 9.8 Critical2026-03-05
CVE-2026-28105 WordPress Good Energy theme <= 1.7.7 - PHP Object Injection vulnerability — Good Energy 9.8 -2026-03-05
CVE-2026-28074 WordPress Pizza House theme <= 1.4.0 - PHP Object Injection vulnerability — Pizza House 9.8 -2026-03-05
CVE-2026-27439 WordPress Dentario theme <= 1.5 - PHP Object Injection vulnerability — Dentario 9.8 -2026-03-05
CVE-2026-27417 WordPress Sweet Date theme < 4.0.1 - PHP Object Injection vulnerability — Sweet Date 9.8 -2026-03-05
CVE-2026-27438 WordPress Kingler theme <= 1.7 - PHP Object Injection vulnerability — Kingler 9.8 -2026-03-05
CVE-2026-27437 WordPress Tennis Club theme <= 1.2.3 - PHP Object Injection vulnerability — Tennis Club 9.8 -2026-03-05
CVE-2026-27379 WordPress NextScripts plugin <= 4.4.7 - PHP Object Injection vulnerability — NextScripts 8.8 -2026-03-05
CVE-2026-27369 WordPress Celeste theme <= 1.3.6 - PHP Object Injection vulnerability — Celeste 9.8 -2026-03-05
CVE-2026-27338 WordPress Car Zone theme <= 3.7 - Deserialization of untrusted data vulnerability — Car Zone 8.8 -2026-03-05
CVE-2026-27098 WordPress Au Pair Agency - Babysitting & Nanny Theme theme <= 1.2.2 - Deserialization of untrusted data vulnerability — Au Pair Agency - Babysitting & Nanny Theme 9.8 -2026-03-05
CVE-2026-23798 WordPress PowerPress Podcasting plugin <= 11.15.10 - PHP Object Injection vulnerability — PowerPress Podcasting 9.8 -2026-03-05
CVE-2026-24385 WordPress Podlove Web Player plugin <= 5.9.1 - PHP Object Injection vulnerability — Podlove Web Player 9.8 -2026-03-05
CVE-2026-22501 WordPress Mounthood theme <= 1.3.2 - PHP Object Injection vulnerability — Mounthood 9.8 -2026-03-05
CVE-2026-22497 WordPress Jardi theme <= 1.7.2 - PHP Object Injection vulnerability — Jardi 9.8 -2026-03-05
CVE-2026-22475 WordPress Estate theme <= 1.3.4 - PHP Object Injection vulnerability — Estate 8.8 -2026-03-05
CVE-2026-22474 WordPress Equestrian Centre theme <= 1.5 - PHP Object Injection vulnerability — Equestrian Centre 9.8 -2026-03-05
CVE-2026-22473 WordPress Dental Clinic theme <= 3.7 - PHP Object Injection vulnerability — Dental Clinic 9.8 -2026-03-05
CVE-2026-22471 WordPress Secudeal Payments for Ecommerce plugin <= 1.1 - PHP Object Injection vulnerability — Secudeal Payments for Ecommerce 8.8 High2026-03-05
CVE-2026-22453 WordPress Pets Club theme <= 2.3 - PHP Object Injection vulnerability — Pets Club 9.8 -2026-03-05
CVE-2026-22451 WordPress Handyman theme <= 1.4.7 - PHP Object Injection vulnerability — Handyman 9.8 -2026-03-05
CVE-2026-22454 WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability — Solaris 9.8 -2026-03-05
CVE-2026-22417 WordPress Grand Wedding theme < 3.1.11 - PHP Object Injection vulnerability — Grand Wedding 9.8 Critical2026-03-05
CVE-2025-54001 WordPress Classter theme <= 2.5 - PHP Object Injection vulnerability — Classter 9.8 -2026-03-05
CVE-2026-20131 Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability — Cisco Secure Firewall Management Center (FMC) 10.0 Critical2026-03-04
CVE-2026-3452 Concrete CMS below 9.4.8 is vulnerable to stored deserialization leading to RCE in the Express Entry List block. — Concrete CMS 7.2 -2026-03-04
CVE-2026-27971 Qwik affected by unauthenticated RCE via server$ Deserialization — qwik 9.8AICriticalAI2026-03-03
CVE-2025-52998 Chamilo: PHAR deserialization bypass — chamilo-lms 8.1AIHighAI2026-03-02
CVE-2025-50198 Chamilo: Deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters — chamilo-lms 9.8AICriticalAI2026-03-02
CVE-2024-47886 Chamilo: Post-Auth Remote Code Execution — chamilo-lms 7.2AIHighAI2026-03-02

Vulnerabilities classified as CWE-502 (可信数据的反序列化) represent 1668 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.