VYPR

CWE-502

Deserialization of Untrusted Data

BaseDraftLikelihood: Medium

Description

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-586

CVEs mapped to this weakness (1,721)

page 57 of 87
  • CVE-2026-28138HigFeb 26, 2026
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through <= 2.2.0.

  • CVE-2026-25316HigFeb 19, 2026
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through <= 2.1.19.

  • CVE-2026-22333HigFeb 19, 2026
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through <= 3.6.0.

  • CVE-2026-2113HigFeb 7, 2026
    risk 0.47cvss 7.3epss 0.01

    A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible…

  • CVE-2025-68038HigDec 24, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through < 5.9.14.

  • CVE-2025-66073HigNov 21, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection.This issue affects WP Webhooks: from n/a through <= 3.3.8.

  • CVE-2025-66055HigNov 21, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through <= 5.9.10.

  • CVE-2025-11135HigSep 29, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. The affected element is the function loadLanguage of the file classes/class.database.php of the component Cookie Handler. Performing manipulation of the argument…

  • CVE-2025-58662HigSep 22, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in awesomesupport Awesome Support awesome-support allows Object Injection.This issue affects Awesome Support: from n/a through <= 6.3.5.

  • CVE-2025-57919HigSep 22, 2025
    risk 0.47cvss 7.2epss 0.01

    Deserialization of Untrusted Data vulnerability in ConveyThis ConveyThis conveythis-translate allows Object Injection.This issue affects ConveyThis: from n/a through <= 269.1.

  • CVE-2025-53465HigSep 22, 2025
    risk 0.47cvss 7.2epss 0.01

    Deserialization of Untrusted Data vulnerability in raoinfotech GSheets Connector sheetlink allows Object Injection.This issue affects GSheets Connector: from n/a through <= 1.1.1.

  • CVE-2025-58839HigSep 5, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Object Injection.This issue affects eDS Responsive Menu: from n/a through <= 1.2.

  • CVE-2025-58815HigSep 5, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in Rubel Miah Aitasi Coming Soon aitasi-coming-soon allows Object Injection.This issue affects Aitasi Coming Soon: from n/a through <= 2.0.2.

  • CVE-2025-58644HigSep 3, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes - TQL Edition ltl-freight-quotes-tql-edition allows Object Injection.This issue affects LTL Freight Quotes - TQL Edition: from n/a through <= 1.2.6.

  • CVE-2025-58643HigSep 3, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Daylight Edition ltl-freight-quotes-daylight-edition allows Object Injection.This issue affects LTL Freight Quotes – Daylight Edition: from n/a through <= 2.2.7.

  • CVE-2025-58642HigSep 3, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day & Ross Edition ltl-freight-quotes-day-ross-edition allows Object Injection.This issue affects LTL Freight Quotes – Day & Ross Edition: from n/a through <= 2.1.11.

  • CVE-2025-54012HigAug 20, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Object Injection.This issue affects Welcart e-Commerce: from n/a through <= 2.11.16.

  • CVE-2025-47536HigAug 14, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in keywordrush Content Egg content-egg allows Object Injection.This issue affects Content Egg: from n/a through <= 7.0.0.

  • CVE-2025-53990HigJul 16, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Object Injection.This issue affects JetFormBuilder: from n/a through <= 3.5.1.2.

  • CVE-2025-7216HigJul 9, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability, which was classified as critical, was found in lty628 Aidigu up to 1.8.2. This affects the function checkUserCookie of the file /application/common.php of the component PHP Object Handler. The manipulation of the argument rememberMe leads to deserialization. It…