CWE-502

Deserialization of Untrusted Data

BaseDraftLikelihood: Medium

Description

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Hierarchy (View 1000)

Parents

CWE-913

Children

none

Related attack patterns (CAPEC)

CAPEC-586

CVEs mapped to this weakness (971)

page 25 of 49

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-24779	Hig	0.57	8.8	0.00	Jul 16, 2025	Deserialization of Untrusted Data vulnerability in NooTheme Yogi yogi allows Object Injection.This issue affects Yogi: from n/a through < 2.9.3.
CVE-2025-24777	Hig	0.57	8.8	0.00	Jul 16, 2025	Deserialization of Untrusted Data vulnerability in awethemes Hillter allows Object Injection. This issue affects Hillter: from n/a through 3.0.7.
CVE-2025-52828	Hig	0.57	8.8	0.00	Jul 4, 2025	Deserialization of Untrusted Data vulnerability in designthemes Red Art redart allows Object Injection.This issue affects Red Art: from n/a through <= 3.8.
CVE-2025-52827	Hig	0.57	8.8	0.00	Jun 27, 2025	Deserialization of Untrusted Data vulnerability in uxper Nuss nuss allows Object Injection.This issue affects Nuss: from n/a through <= 1.3.3.
CVE-2025-52826	Hig	0.57	8.8	0.00	Jun 27, 2025	Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3.
CVE-2025-39358	Hig	0.57	8.8	0.00	Jun 6, 2025	Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through <= 1.3.12.
CVE-2025-47660	Hig	0.57	8.8	0.00	May 23, 2025	Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC Affiliate wc-affiliate allows Object Injection.This issue affects WC Affiliate: from n/a through <= 2.16.
CVE-2025-32293	Hig	0.57	8.8	0.00	May 23, 2025	Deserialization of Untrusted Data vulnerability in designthemes Finance Consultant finance allows Object Injection.This issue affects Finance Consultant: from n/a through <= 2.8.
CVE-2025-32284	Hig	0.57	8.8	0.00	May 23, 2025	Deserialization of Untrusted Data vulnerability in designthemes Pet World petsworld allows Object Injection.This issue affects Pet World: from n/a through <= 2.8.
CVE-2025-31924	Hig	0.57	8.8	0.00	May 23, 2025	Deserialization of Untrusted Data vulnerability in designthemes Crafts & Arts crafts-and-arts allows Object Injection.This issue affects Crafts & Arts: from n/a through <= 2.5.
CVE-2025-23254	Hig	0.57	8.8	0.01	May 1, 2025	NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data tampering.
CVE-2025-39527	Hig	0.57	8.8	0.00	Apr 17, 2025	Deserialization of Untrusted Data vulnerability in bestweblayout Rating by BestWebSoft rating-bws allows Object Injection.This issue affects Rating by BestWebSoft: from n/a through <= 1.7.
CVE-2025-32686	Hig	0.57	8.8	0.00	Apr 17, 2025	Deserialization of Untrusted Data vulnerability in WPSpeedo Team Members wps-team allows Object Injection.This issue affects Team Members: from n/a through <= 3.4.4.
CVE-2025-32662	Hig	0.57	8.8	0.00	Apr 17, 2025	Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through <= 2.2.0.
CVE-2025-32647	Hig	0.57	8.8	0.00	Apr 17, 2025	Deserialization of Untrusted Data vulnerability in PickPlugins Question Answer question-answer allows Object Injection.This issue affects Question Answer: from n/a through <= 1.2.73.
CVE-2025-32571	Hig	0.57	8.8	0.00	Apr 17, 2025	Deserialization of Untrusted Data vulnerability in TuriTop TuriTop Booking System turitop-booking-system allows Object Injection.This issue affects TuriTop Booking System: from n/a through <= 1.0.10.
CVE-2025-31932	Hig	0.57	8.8	0.00	Apr 11, 2025	Deserialization of untrusted data issue exists in BizRobo! all versions. If this vulnerability is exploited, an arbitrary code is executed on the Management Console. The vendor provides the workaround information and recommends to apply it to the deployment environment.
CVE-2025-32144	Hig	0.57	8.8	0.00	Apr 11, 2025	Deserialization of Untrusted Data vulnerability in PickPlugins Job Board Manager job-board-manager allows Object Injection.This issue affects Job Board Manager: from n/a through <= 2.1.61.
CVE-2025-32143	Hig	0.57	8.8	0.00	Apr 11, 2025	Deserialization of Untrusted Data vulnerability in PickPlugins Accordion accordions allows Object Injection.This issue affects Accordion: from n/a through <= 2.3.11.
CVE-2025-32145	Hig	0.57	8.8	0.00	Apr 10, 2025	Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 4.3.6.

CVE-2025-24779HigJul 16, 2025
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in NooTheme Yogi yogi allows Object Injection.This issue affects Yogi: from n/a through < 2.9.3.
CVE-2025-24777HigJul 16, 2025
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in awethemes Hillter allows Object Injection. This issue affects Hillter: from n/a through 3.0.7.
CVE-2025-52828HigJul 4, 2025
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in designthemes Red Art redart allows Object Injection.This issue affects Red Art: from n/a through <= 3.8.
CVE-2025-52827HigJun 27, 2025
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in uxper Nuss nuss allows Object Injection.This issue affects Nuss: from n/a through <= 1.3.3.
CVE-2025-52826HigJun 27, 2025
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3.
CVE-2025-39358HigJun 6, 2025
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through <= 1.3.12.
CVE-2025-47660HigMay 23, 2025
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC Affiliate wc-affiliate allows Object Injection.This issue affects WC Affiliate: from n/a through <= 2.16.
CVE-2025-32293HigMay 23, 2025
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in designthemes Finance Consultant finance allows Object Injection.This issue affects Finance Consultant: from n/a through <= 2.8.
CVE-2025-32284HigMay 23, 2025
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in designthemes Pet World petsworld allows Object Injection.This issue affects Pet World: from n/a through <= 2.8.
CVE-2025-31924HigMay 23, 2025
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in designthemes Crafts & Arts crafts-and-arts allows Object Injection.This issue affects Crafts & Arts: from n/a through <= 2.5.
CVE-2025-23254HigMay 1, 2025
risk 0.57cvss 8.8epss 0.01
NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data tampering.
CVE-2025-39527HigApr 17, 2025
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in bestweblayout Rating by BestWebSoft rating-bws allows Object Injection.This issue affects Rating by BestWebSoft: from n/a through <= 1.7.
CVE-2025-32686HigApr 17, 2025
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in WPSpeedo Team Members wps-team allows Object Injection.This issue affects Team Members: from n/a through <= 3.4.4.
CVE-2025-32662HigApr 17, 2025
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through <= 2.2.0.
CVE-2025-32647HigApr 17, 2025
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in PickPlugins Question Answer question-answer allows Object Injection.This issue affects Question Answer: from n/a through <= 1.2.73.
CVE-2025-32571HigApr 17, 2025
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in TuriTop TuriTop Booking System turitop-booking-system allows Object Injection.This issue affects TuriTop Booking System: from n/a through <= 1.0.10.
CVE-2025-31932HigApr 11, 2025
risk 0.57cvss 8.8epss 0.00
Deserialization of untrusted data issue exists in BizRobo! all versions. If this vulnerability is exploited, an arbitrary code is executed on the Management Console. The vendor provides the workaround information and recommends to apply it to the deployment environment.
CVE-2025-32144HigApr 11, 2025
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in PickPlugins Job Board Manager job-board-manager allows Object Injection.This issue affects Job Board Manager: from n/a through <= 2.1.61.
CVE-2025-32143HigApr 11, 2025
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in PickPlugins Accordion accordions allows Object Injection.This issue affects Accordion: from n/a through <= 2.3.11.
CVE-2025-32145HigApr 10, 2025
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 4.3.6.