CWE-502
Deserialization of Untrusted Data
Description
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-586
CVEs mapped to this weakness (1,721)
Page 7 of 87

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-25031 | | Cri | 0.64 | 9.8 | 0.00 | | Mar 25, 2026 | Deserialization of Untrusted Data vulnerability in park_of_ideas Tasty Daily tastydaily allows Object Injection. This issue affects Tasty Daily: from n/a through < 1.27. |
| CVE-2026-25030 | | Cri | 0.64 | 9.8 | 0.00 | | Mar 25, 2026 | Deserialization of Untrusted Data vulnerability in park_of_ideas Goldish goldish allows Object Injection. This issue affects Goldish: from n/a through < 3.47. |
| CVE-2026-25029 | | Cri | 0.64 | 9.8 | 0.00 | | Mar 25, 2026 | Deserialization of Untrusted Data vulnerability in park_of_ideas KIDZ kidz allows Object Injection. This issue affects KIDZ: from n/a through <= 5.24. |
| CVE-2026-24989 | | Cri | 0.64 | 9.8 | 0.00 | | Mar 25, 2026 | Deserialization of Untrusted Data vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Object Injection. This issue affects SUMO Affiliates Pro: from n/a through < 11.4.0. |
| CVE-2026-24378 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 25, 2026 | Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection. This issue affects EventPrime: from n/a through <= 4.2.8.0. |
| CVE-2026-22507 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 25, 2026 | Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection. This issue affects Beelove: from n/a through <= 1.2.6. |
| CVE-2026-22500 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 25, 2026 | Deserialization of Untrusted Data vulnerability in axiomthemes m2 \| Construction and Tools Store m2-ce allows Object Injection. This issue affects m2 \| Construction and Tools Store: from n/a through <= 1.1.2. |
| CVE-2025-60237 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 19, 2026 | Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection. This issue affects Finag: from n/a through 1.5.0. |
| CVE-2025-60233 | | Cri | 0.64 | 9.8 | 0.00 | | Mar 19, 2026 | Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection. This issue affects Zuut: from n/a through 1.4.2. |
| CVE-2026-25449 | | Cri | 0.64 | 9.8 | 0.00 | | Mar 18, 2026 | Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Injection. This issue affects Traveler: from n/a through < 3.2.8.1. |
| CVE-2026-28105 | | Cri | 0.64 | 9.8 | 0.00 | | Mar 5, 2026 | Deserialization of Untrusted Data vulnerability in ThemeREX Good Energy goodenergy allows Object Injection. This issue affects Good Energy: from n/a through <= 1.7.7. |
| CVE-2026-28074 | | Cri | 0.64 | 9.8 | 0.00 | | Mar 5, 2026 | Deserialization of Untrusted Data vulnerability in ThemeREX Pizza House pizzahouse allows Object Injection. This issue affects Pizza House: from n/a through <= 1.4.0. |
| CVE-2026-27439 | | Cri | 0.64 | 9.8 | 0.00 | | Mar 5, 2026 | Deserialization of Untrusted Data vulnerability in ThemeREX Dentario dentario allows Object Injection. This issue affects Dentario: from n/a through <= 1.5. |
| CVE-2026-27438 | | Cri | 0.64 | 9.8 | 0.00 | | Mar 5, 2026 | Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection. This issue affects Kingler: from n/a through <= 1.7. |
| CVE-2026-27437 | | Cri | 0.64 | 9.8 | 0.00 | | Mar 5, 2026 | Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection. This issue affects Tennis Club: from n/a through <= 1.2.3. |
| CVE-2026-27417 | | Cri | 0.64 | 9.8 | 0.00 | | Mar 5, 2026 | Deserialization of Untrusted Data vulnerability in SeventhQueen Sweet Date sweetdate allows Object Injection. This issue affects Sweet Date: from n/a through < 4.0.1. |
| CVE-2026-22501 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 5, 2026 | Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection. This issue affects Mounthood: from n/a through <= 1.3.2. |
| CVE-2026-22497 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 5, 2026 | Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object Injection. This issue affects Jardi: from n/a through <= 1.7.2. |
| CVE-2026-22475 | | Cri | 0.64 | 9.8 | 0.00 | | Mar 5, 2026 | Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection. This issue affects Estate: from n/a through <= 1.3.4. |
| CVE-2026-22474 | | Cri | 0.64 | 9.8 | 0.00 | | Mar 5, 2026 | Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre allows Object Injection. This issue affects Equestrian Centre: from n/a through <= 1.5. |