CWE-502
Deserialization of Untrusted Data
Description
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-586
CVEs mapped to this weakness (1,721)
page 33 of 87| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-50460 | Cri | 0.57 | 9.8 | 0.02 | Aug 1, 2025 | A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load() from the PyYAML library (versions = 5.3.1). If an attacker can control the content of the YAML configuration file passed to… | ||
| CVE-2025-7697 | Cri | 0.57 | 9.8 | 0.01 | Jul 19, 2025 | The Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.1 via deserialization of untrusted input within the verify_field_val() function. This makes… | ||
| CVE-2025-7696 | Cri | 0.57 | 9.8 | 0.01 | Jul 19, 2025 | The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.3 via deserialization of untrusted input within the verify_field_val() function. This makes it… | ||
| CVE-2025-7433 | Hig | 0.57 | 8.8 | 0.00 | Jul 17, 2025 | A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution. | ||
| CVE-2025-31422 | Hig | 0.57 | 8.8 | 0.00 | Jul 16, 2025 | Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme visual-arts allows Object Injection.This issue affects Visual Art | Gallery WordPress Theme: from n/a through <= 2.4. | ||
| CVE-2025-30949 | Cri | 0.57 | 9.8 | 0.01 | Jul 16, 2025 | Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram site-chat-on-telegram allows Object Injection.This issue affects Site Chat on Telegram: from n/a through <= 1.0.4. | ||
| CVE-2025-24779 | Hig | 0.57 | 8.8 | 0.00 | Jul 16, 2025 | Deserialization of Untrusted Data vulnerability in NooTheme Yogi yogi allows Object Injection.This issue affects Yogi: from n/a through < 2.9.3. | ||
| CVE-2025-24777 | Hig | 0.57 | 8.8 | 0.00 | Jul 16, 2025 | Deserialization of Untrusted Data vulnerability in awethemes Hillter allows Object Injection. This issue affects Hillter: from n/a through 3.0.7. | ||
| CVE-2025-52828 | Hig | 0.57 | 8.8 | 0.00 | Jul 4, 2025 | Deserialization of Untrusted Data vulnerability in designthemes Red Art redart allows Object Injection.This issue affects Red Art: from n/a through <= 3.8. | ||
| CVE-2025-52827 | Hig | 0.57 | 8.8 | 0.00 | Jun 27, 2025 | Deserialization of Untrusted Data vulnerability in uxper Nuss nuss allows Object Injection.This issue affects Nuss: from n/a through <= 1.3.3. | ||
| CVE-2025-52826 | Hig | 0.57 | 8.8 | 0.00 | Jun 27, 2025 | Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3. | ||
| CVE-2025-39358 | Hig | 0.57 | 8.8 | 0.00 | Jun 6, 2025 | Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through <= 1.3.12. | ||
| CVE-2025-32293 | Hig | 0.57 | 8.8 | 0.00 | May 23, 2025 | Deserialization of Untrusted Data vulnerability in designthemes Finance Consultant finance allows Object Injection.This issue affects Finance Consultant: from n/a through <= 2.8. | ||
| CVE-2025-32284 | Hig | 0.57 | 8.8 | 0.00 | May 23, 2025 | Deserialization of Untrusted Data vulnerability in designthemes Pet World petsworld allows Object Injection.This issue affects Pet World: from n/a through <= 2.8. | ||
| CVE-2025-31924 | Hig | 0.57 | 8.8 | 0.00 | May 23, 2025 | Deserialization of Untrusted Data vulnerability in designthemes Crafts & Arts crafts-and-arts allows Object Injection.This issue affects Crafts & Arts: from n/a through <= 2.5. | ||
| CVE-2025-23254 | Hig | 0.57 | 8.8 | 0.00 | May 1, 2025 | NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data… | ||
| CVE-2025-39527 | — | Hig | 0.57 | 8.8 | 0.00 | Apr 17, 2025 | Deserialization of Untrusted Data vulnerability in bestweblayout Rating by BestWebSoft rating-bws allows Object Injection.This issue affects Rating by BestWebSoft: from n/a through <= 1.7. | |
| CVE-2025-32686 | Hig | 0.57 | 8.8 | 0.00 | Apr 17, 2025 | Deserialization of Untrusted Data vulnerability in WPSpeedo Team Members wps-team allows Object Injection.This issue affects Team Members: from n/a through <= 3.4.4. | ||
| CVE-2025-32662 | Hig | 0.57 | 8.8 | 0.00 | Apr 17, 2025 | Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through <= 2.2.0. | ||
| CVE-2025-32647 | Hig | 0.57 | 8.8 | 0.00 | Apr 17, 2025 | Deserialization of Untrusted Data vulnerability in PickPlugins Question Answer question-answer allows Object Injection.This issue affects Question Answer: from n/a through <= 1.2.73. |
- risk 0.57cvss 9.8epss 0.02
A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load() from the PyYAML library (versions = 5.3.1). If an attacker can control the content of the YAML configuration file passed to…
- risk 0.57cvss 9.8epss 0.01
The Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.1 via deserialization of untrusted input within the verify_field_val() function. This makes…
- risk 0.57cvss 9.8epss 0.01
The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.3 via deserialization of untrusted input within the verify_field_val() function. This makes it…
- risk 0.57cvss 8.8epss 0.00
A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution.
- risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme visual-arts allows Object Injection.This issue affects Visual Art | Gallery WordPress Theme: from n/a through <= 2.4.
- risk 0.57cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram site-chat-on-telegram allows Object Injection.This issue affects Site Chat on Telegram: from n/a through <= 1.0.4.
- risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in NooTheme Yogi yogi allows Object Injection.This issue affects Yogi: from n/a through < 2.9.3.
- risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in awethemes Hillter allows Object Injection. This issue affects Hillter: from n/a through 3.0.7.
- risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in designthemes Red Art redart allows Object Injection.This issue affects Red Art: from n/a through <= 3.8.
- risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in uxper Nuss nuss allows Object Injection.This issue affects Nuss: from n/a through <= 1.3.3.
- risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3.
- risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through <= 1.3.12.
- risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in designthemes Finance Consultant finance allows Object Injection.This issue affects Finance Consultant: from n/a through <= 2.8.
- risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in designthemes Pet World petsworld allows Object Injection.This issue affects Pet World: from n/a through <= 2.8.
- risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in designthemes Crafts & Arts crafts-and-arts allows Object Injection.This issue affects Crafts & Arts: from n/a through <= 2.5.
- risk 0.57cvss 8.8epss 0.00
NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data…
- risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in bestweblayout Rating by BestWebSoft rating-bws allows Object Injection.This issue affects Rating by BestWebSoft: from n/a through <= 1.7.
- risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in WPSpeedo Team Members wps-team allows Object Injection.This issue affects Team Members: from n/a through <= 3.4.4.
- risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through <= 2.2.0.
- risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in PickPlugins Question Answer question-answer allows Object Injection.This issue affects Question Answer: from n/a through <= 1.2.73.