VYPR

CWE-502

Deserialization of Untrusted Data

Abstraction: Base | Status: Draft | Likelihood: Medium

Description

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-586

CVEs mapped to this weakness (1,721)

page 63 of 87
  • CVE-2025-13715 | High | Dec 23, 2025
    risk 0.44 | CVSS 7.8 | EPSS 0.00

    Tencent FaceDetection-DSFD resnet Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent FaceDetection-DSFD. User interaction is required to exploit this…

  • CVE-2025-13714 | High | Dec 23, 2025
    risk 0.44 | CVSS 7.8 | EPSS 0.00

    Tencent MedicalNet generate_model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MedicalNet. User interaction is required to exploit this…

  • CVE-2025-13713 | High | Dec 23, 2025
    risk 0.44 | CVSS 7.8 | EPSS 0.00

    Tencent Hunyuan3D-1 load_pretrained Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent Hunyuan3D-1. User interaction is required to exploit this…

  • CVE-2025-13712 | High | Dec 23, 2025
    risk 0.44 | CVSS 7.8 | EPSS 0.00

    Tencent HunyuanDiT merge Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanDiT. User interaction is required to exploit this vulnerability in…

  • CVE-2025-13710 | High | Dec 23, 2025
    risk 0.44 | CVSS 7.8 | EPSS 0.00

    Tencent HunyuanVideo load_vae Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanVideo. User interaction is required to exploit this vulnerability…

  • CVE-2025-13708 | High | Dec 23, 2025
    risk 0.44 | CVSS 7.8 | EPSS 0.00

    Tencent NeuralNLP-NeuralClassifier _load_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent NeuralNLP-NeuralClassifier. User interaction is…

  • CVE-2025-13707 | High | Dec 23, 2025
    risk 0.44 | CVSS 7.8 | EPSS 0.00

    Tencent HunyuanDiT model_resume Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanDiT. User interaction is required to exploit this vulnerability…

  • CVE-2025-13706 | High | Dec 23, 2025
    risk 0.44 | CVSS 7.8 | EPSS 0.00

    Tencent PatrickStar merge_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent PatrickStar. User interaction is required to exploit this…

  • CVE-2024-0140 | Medium | Jan 28, 2025
    risk 0.44 | CVSS 6.8 | EPSS 0.00

    NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user could cause a deserialization of untrusted data issue. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.

  • CVE-2024-34072 | High | May 3, 2024
    risk 0.44 | CVSS 7.8 | EPSS 0.00

    sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays.…

  • CVE-2023-7018 | High | Dec 20, 2023
    risk 0.44 | CVSS 7.8 | EPSS 0.01

    Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.

  • CVE-2022-25647 | High | May 1, 2022
    risk 0.44 | CVSS 7.7 | EPSS 0.12

    The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

  • CVE-2021-4118 | High | Dec 23, 2021
    risk 0.44 | CVSS 7.8 | EPSS 0.01

    pytorch-lightning is vulnerable to Deserialization of Untrusted Data.

  • CVE-2021-25738 | Medium | Oct 11, 2021
    risk 0.44 | CVSS 6.7 | EPSS 0.00

    Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.

  • CVE-2020-24164 | High | Sep 11, 2020
    risk 0.44 | CVSS 7.8 | EPSS 0.01

    A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java…

  • CVE-2013-7489 | Medium | Jun 26, 2020
    risk 0.44 | CVSS 6.8 | EPSS 0.01

    The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution.

  • CVE-2019-12086 | High | May 17, 2019
    risk 0.44 | CVSS 7.5 | EPSS 0.22

    A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the…

  • CVE-2018-1000167 | High | Apr 18, 2018
    risk 0.44 | CVSS 7.8 | EPSS 0.04

    OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load function as used in the following files: config.py:136, config.py:142, sources.py:99 and sources.py:131. The "list-sources" command is affected by this bug that can…

  • CVE-2018-1000074 | High | Mar 13, 2018
    risk 0.44 | CVSS 7.8 | EPSS 0.03

    RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can…

  • CVE-2026-7566 | Medium | Jun 6, 2026
    risk 0.43 | CVSS 6.6 | EPSS 0.00

    The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input. This makes it possible for authenticated attackers, with administrator-level access and…