CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1676

1676 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-0762 | GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability — GPT Academic | 9.8 | - | 2026-01-23 |
| CVE-2026-0760 | Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability — MetaGPT | 9.8 | - | 2026-01-23 |
| CVE-2025-69099 | WordPress North theme <= 5.7.5 - PHP Object Injection vulnerability — North | 8.8 (AI) | High (AI) | 2026-01-22 |
| CVE-2025-69079 | WordPress Sound \| Musical Instruments Online Store theme <= 1.6.9 - Deserialization of untrusted data vulnerability — Sound \| Musical Instruments Online Store | 9.8 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-69035 | WordPress Dental Care CPT plugin <= 20.2 - PHP Object Injection vulnerability — Dental Care CPT | 9.8 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-69036 | WordPress Tech Life CPT plugin <= 16.4 - PHP Object Injection vulnerability — Tech Life CPT | 9.8 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-69002 | WordPress OneLife theme <= 3.9 - PHP Object Injection vulnerability — OneLife | 8.8 (AI) | High (AI) | 2026-01-22 |
| CVE-2025-68903 | WordPress Anona theme <= 8.0 - PHP Object Injection vulnerability — Anona | 9.8 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-68899 | WordPress Vivagh theme <= 2.4 - PHP Object Injection vulnerability — Vivagh | 9.8 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-68047 | WordPress Eventin plugin <= 4.1.3 - PHP Object Injection vulnerability — Eventin | 9.8 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-67617 | WordPress Consult Aid theme <= 1.4.3 - PHP Object Injection vulnerability — Consult Aid | 8.8 (AI) | High (AI) | 2026-01-22 |
| CVE-2025-67619 | WordPress Kids Heaven theme <= 3.2 - PHP Object Injection vulnerability — Kids Heaven | 8.8 (AI) | High (AI) | 2026-01-22 |
| CVE-2025-50004 | WordPress JupiterX Core plugin <= 4.10.1 - PHP Object Injection vulnerability — JupiterX Core | 8.8 | High | 2026-01-22 |
| CVE-2026-24009 | Docling Core vulnerable to Remote Code Execution via unsafe PyYAML usage — docling-core | 8.1 | High | 2026-01-22 |
| CVE-2026-23946 | Tendenci has Authenticated Remote Code Execution via Pickle Deserialization — tendenci | 6.8 | Medium | 2026-01-22 |
| CVE-2026-23737 | seroval Affected by Remote Code Execution via JSON Deserialization — seroval | 7.5 | High | 2026-01-21 |
| CVE-2026-23524 | Laravel Redis Horizontal Scaling Insecure Deserialization — reverb | 9.8 | Critical | 2026-01-21 |
| CVE-2026-0726 | Nexter Extension – Site Enhancements Toolkit <= 4.4.6 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace' — Nexter Extension – Security, Performance, Code Snippets & Site Toolkit | 8.1 | High | 2026-01-20 |
| CVE-2026-0895 | Insecure Deserialization in extension "Mailqueue" (mailqueue) — Extension "Mailqueue" | 9.8 (AI) | Critical (AI) | 2026-01-20 |
| CVE-2023-7334 | Changjetong T+ <= 16.x GetStoreWarehouseByStore Deserialization RCE — T+ | 9.8 (AI) | Critical (AI) | 2026-01-15 |
| CVE-2026-21226 | Azure Core shared client library for Python Remote Code Execution Vulnerability — Azure Core shared client library for Python | 7.5 | High | 2026-01-13 |
| CVE-2026-20963 | Microsoft SharePoint Remote Code Execution Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 9.8 | Critical | 2026-01-13 |
| CVE-2026-0859 | TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool — TYPO3 CMS | 7.8 (AI) | High (AI) | 2026-01-13 |
| CVE-2024-14021 | LlamaIndex <= 0.11.6 BGEM3Index Unsafe Deserialization — llama_index | 7.8 (AI) | High (AI) | 2026-01-12 |
| CVE-2025-69276 | Spectrum insecure deserialization — DX NetOps Spectrum | 9.8 (AI) | Critical (AI) | 2026-01-12 |
| CVE-2026-22612 | Fickling vulnerable to detection bypass due to "builtins" blindness — fickling | 9.1 | - | 2026-01-10 |
| CVE-2025-67911 | WordPress Newsletters plugin <= 4.11 - PHP Object Injection vulnerability — Newsletters | 9.8 | - | 2026-01-08 |
| CVE-2026-22187 | Bio-Formats <= 8.3.0 Memoizer Unsafe Deserialization via .bfmemo Cache Files — Bio-Formats | 9.8 | - | 2026-01-07 |
| CVE-2025-47552 | WordPress DZS Video Gallery plugin <= 12.39 - PHP Object Injection vulnerability — DZS Video Gallery | 9.8 | Critical | 2026-01-07 |
| CVE-2025-47553 | WordPress DZS Video Gallery plugin <= 12.39 - PHP Object Injection vulnerability — DZS Video Gallery | 8.8 | High | 2026-01-06 |

1676 CVEs are classified as CWE-502 (Deserialization of Untrusted Data). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.