CWE-502
Deserialization of Untrusted Data
Description
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-586
CVEs mapped to this weakness (1,721)
page 57 of 87| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-28138 | — | Hig | 0.47 | 7.2 | 0.00 | Feb 26, 2026 | Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through <= 2.2.0. | |
| CVE-2026-25316 | Hig | 0.47 | 7.2 | 0.00 | Feb 19, 2026 | Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through <= 2.1.19. | ||
| CVE-2026-22333 | Hig | 0.47 | 7.2 | 0.00 | Feb 19, 2026 | Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through <= 3.6.0. | ||
| CVE-2026-2113 | Hig | 0.47 | 7.3 | 0.01 | Feb 7, 2026 | A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible… | ||
| CVE-2025-68038 | Hig | 0.47 | 7.2 | 0.00 | Dec 24, 2025 | Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through < 5.9.14. | ||
| CVE-2025-66073 | Hig | 0.47 | 7.2 | 0.00 | Nov 21, 2025 | Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection.This issue affects WP Webhooks: from n/a through <= 3.3.8. | ||
| CVE-2025-66055 | Hig | 0.47 | 7.2 | 0.00 | Nov 21, 2025 | Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through <= 5.9.10. | ||
| CVE-2025-11135 | Hig | 0.47 | 7.3 | 0.00 | Sep 29, 2025 | A vulnerability was detected in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. The affected element is the function loadLanguage of the file classes/class.database.php of the component Cookie Handler. Performing manipulation of the argument… | ||
| CVE-2025-58662 | Hig | 0.47 | 7.2 | 0.00 | Sep 22, 2025 | Deserialization of Untrusted Data vulnerability in awesomesupport Awesome Support awesome-support allows Object Injection.This issue affects Awesome Support: from n/a through <= 6.3.5. | ||
| CVE-2025-57919 | Hig | 0.47 | 7.2 | 0.01 | Sep 22, 2025 | Deserialization of Untrusted Data vulnerability in ConveyThis ConveyThis conveythis-translate allows Object Injection.This issue affects ConveyThis: from n/a through <= 269.1. | ||
| CVE-2025-53465 | Hig | 0.47 | 7.2 | 0.01 | Sep 22, 2025 | Deserialization of Untrusted Data vulnerability in raoinfotech GSheets Connector sheetlink allows Object Injection.This issue affects GSheets Connector: from n/a through <= 1.1.1. | ||
| CVE-2025-58839 | Hig | 0.47 | 7.2 | 0.00 | Sep 5, 2025 | Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Object Injection.This issue affects eDS Responsive Menu: from n/a through <= 1.2. | ||
| CVE-2025-58815 | Hig | 0.47 | 7.2 | 0.00 | Sep 5, 2025 | Deserialization of Untrusted Data vulnerability in Rubel Miah Aitasi Coming Soon aitasi-coming-soon allows Object Injection.This issue affects Aitasi Coming Soon: from n/a through <= 2.0.2. | ||
| CVE-2025-58644 | Hig | 0.47 | 7.2 | 0.00 | Sep 3, 2025 | Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes - TQL Edition ltl-freight-quotes-tql-edition allows Object Injection.This issue affects LTL Freight Quotes - TQL Edition: from n/a through <= 1.2.6. | ||
| CVE-2025-58643 | Hig | 0.47 | 7.2 | 0.00 | Sep 3, 2025 | Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Daylight Edition ltl-freight-quotes-daylight-edition allows Object Injection.This issue affects LTL Freight Quotes – Daylight Edition: from n/a through <= 2.2.7. | ||
| CVE-2025-58642 | Hig | 0.47 | 7.2 | 0.00 | Sep 3, 2025 | Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day & Ross Edition ltl-freight-quotes-day-ross-edition allows Object Injection.This issue affects LTL Freight Quotes – Day & Ross Edition: from n/a through <= 2.1.11. | ||
| CVE-2025-54012 | Hig | 0.47 | 7.2 | 0.00 | Aug 20, 2025 | Deserialization of Untrusted Data vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Object Injection.This issue affects Welcart e-Commerce: from n/a through <= 2.11.16. | ||
| CVE-2025-47536 | Hig | 0.47 | 7.2 | 0.00 | Aug 14, 2025 | Deserialization of Untrusted Data vulnerability in keywordrush Content Egg content-egg allows Object Injection.This issue affects Content Egg: from n/a through <= 7.0.0. | ||
| CVE-2025-53990 | Hig | 0.47 | 7.2 | 0.00 | Jul 16, 2025 | Deserialization of Untrusted Data vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Object Injection.This issue affects JetFormBuilder: from n/a through <= 3.5.1.2. | ||
| CVE-2025-7216 | — | Hig | 0.47 | 7.3 | 0.00 | Jul 9, 2025 | A vulnerability, which was classified as critical, was found in lty628 Aidigu up to 1.8.2. This affects the function checkUserCookie of the file /application/common.php of the component PHP Object Handler. The manipulation of the argument rememberMe leads to deserialization. It… |
- risk 0.47cvss 7.2epss 0.00
Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through <= 2.2.0.
- risk 0.47cvss 7.2epss 0.00
Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through <= 2.1.19.
- risk 0.47cvss 7.2epss 0.00
Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through <= 3.6.0.
- risk 0.47cvss 7.3epss 0.01
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible…
- risk 0.47cvss 7.2epss 0.00
Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through < 5.9.14.
- risk 0.47cvss 7.2epss 0.00
Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection.This issue affects WP Webhooks: from n/a through <= 3.3.8.
- risk 0.47cvss 7.2epss 0.00
Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through <= 5.9.10.
- risk 0.47cvss 7.3epss 0.00
A vulnerability was detected in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. The affected element is the function loadLanguage of the file classes/class.database.php of the component Cookie Handler. Performing manipulation of the argument…
- risk 0.47cvss 7.2epss 0.00
Deserialization of Untrusted Data vulnerability in awesomesupport Awesome Support awesome-support allows Object Injection.This issue affects Awesome Support: from n/a through <= 6.3.5.
- risk 0.47cvss 7.2epss 0.01
Deserialization of Untrusted Data vulnerability in ConveyThis ConveyThis conveythis-translate allows Object Injection.This issue affects ConveyThis: from n/a through <= 269.1.
- risk 0.47cvss 7.2epss 0.01
Deserialization of Untrusted Data vulnerability in raoinfotech GSheets Connector sheetlink allows Object Injection.This issue affects GSheets Connector: from n/a through <= 1.1.1.
- risk 0.47cvss 7.2epss 0.00
Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Object Injection.This issue affects eDS Responsive Menu: from n/a through <= 1.2.
- risk 0.47cvss 7.2epss 0.00
Deserialization of Untrusted Data vulnerability in Rubel Miah Aitasi Coming Soon aitasi-coming-soon allows Object Injection.This issue affects Aitasi Coming Soon: from n/a through <= 2.0.2.
- risk 0.47cvss 7.2epss 0.00
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes - TQL Edition ltl-freight-quotes-tql-edition allows Object Injection.This issue affects LTL Freight Quotes - TQL Edition: from n/a through <= 1.2.6.
- risk 0.47cvss 7.2epss 0.00
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Daylight Edition ltl-freight-quotes-daylight-edition allows Object Injection.This issue affects LTL Freight Quotes – Daylight Edition: from n/a through <= 2.2.7.
- risk 0.47cvss 7.2epss 0.00
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day & Ross Edition ltl-freight-quotes-day-ross-edition allows Object Injection.This issue affects LTL Freight Quotes – Day & Ross Edition: from n/a through <= 2.1.11.
- risk 0.47cvss 7.2epss 0.00
Deserialization of Untrusted Data vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Object Injection.This issue affects Welcart e-Commerce: from n/a through <= 2.11.16.
- risk 0.47cvss 7.2epss 0.00
Deserialization of Untrusted Data vulnerability in keywordrush Content Egg content-egg allows Object Injection.This issue affects Content Egg: from n/a through <= 7.0.0.
- risk 0.47cvss 7.2epss 0.00
Deserialization of Untrusted Data vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Object Injection.This issue affects JetFormBuilder: from n/a through <= 3.5.1.2.
- risk 0.47cvss 7.3epss 0.00
A vulnerability, which was classified as critical, was found in lty628 Aidigu up to 1.8.2. This affects the function checkUserCookie of the file /application/common.php of the component PHP Object Handler. The manipulation of the argument rememberMe leads to deserialization. It…