VYPR

CWE-502

Deserialization of Untrusted Data

Abstraction: Base | Status: Draft | Likelihood of exploit: Medium

Description

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-586: Object Injection

CVEs mapped to this weakness (1,721)

page 47 of 87
  • CVE-2024-49375  Critical  Jan 14, 2025
    risk 0.52 | cvss 9.0 | epss 0.01

    Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API…

  • CVE-2024-32030  High  Jun 19, 2024
    risk 0.52 | cvss 8.1 | epss 0.34

    Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by…

  • CVE-2024-4044  High  May 14, 2024
    risk 0.52 | cvss 7.8 | epss 0.15

    A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability…

  • CVE-2024-30229  High  Mar 28, 2024
    risk 0.52 | cvss 8.0 | epss 0.01

    Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give. This issue affects GiveWP: from n/a through <= 3.4.2.

  • CVE-2024-24926  High  Feb 12, 2024
    risk 0.52 | cvss 7.5 | epss 0.01

    Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6.

  • CVE-2024-24590  High  Feb 6, 2024
    risk 0.52 | cvss 8.0 | epss 0.02

    Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.

  • CVE-2022-39256  Critical  Sep 27, 2022
    risk 0.52 | cvss 9.0 | epss 0.01

    Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated…

  • CVE-2026-24228  High  Jun 16, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure.

  • CVE-2026-12191  High  Jun 14, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. The attack is only possible with local access. The…

  • CVE-2026-25551  High  Jun 4, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe,…

  • CVE-2026-24237  High  Jun 2, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

  • CVE-2026-24221  High  Jun 2, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure.

  • CVE-2026-24162  High  May 26, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

  • CVE-2026-24216  High  May 20, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

  • CVE-2024-53326  High  May 8, 2026
    risk 0.51 | cvss 7.3 | epss 0.00

    LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), leading to code execution.

  • CVE-2026-7584  High  May 1, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any…

  • CVE-2026-32192  High  Apr 14, 2026
    risk 0.51 | cvss 7.8 | epss 0.02

    Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32184  High  Apr 14, 2026
    risk 0.51 | cvss 7.8 | epss 0.02

    Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.

  • CVE-2026-24165  High  Mar 31, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

  • CVE-2026-4416  High  Mar 30, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation.