VYPR

CWE-502

Deserialization of Untrusted Data

BaseDraftLikelihood: Medium

Description

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-586

CVEs mapped to this weakness (971)

page 8 of 49
CVESevRiskCVSSEPSSKEVPublishedDescription
CVE-2025-67911Cri0.649.80.00Jan 8, 2026Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through <= 4.11.
CVE-2025-47552Cri0.649.80.00Jan 7, 2026Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.37.
CVE-2025-64233Cri0.649.80.00Dec 18, 2025Deserialization of Untrusted Data vulnerability in BoldThemes Codiqa codiqa allows Object Injection.This issue affects Codiqa: from n/a through < 1.2.8.
CVE-2025-64227Cri0.649.80.00Dec 18, 2025Deserialization of Untrusted Data vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Object Injection.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.7.
CVE-2025-64206Cri0.649.80.00Dec 18, 2025Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection.This issue affects Jannah: from n/a through <= 7.6.0.
CVE-2025-54723Cri0.649.80.00Dec 18, 2025Deserialization of Untrusted Data vulnerability in BoldThemes DentiCare denticare allows Object Injection.This issue affects DentiCare: from n/a through < 1.4.3.
CVE-2025-60245Cri0.649.80.00Nov 6, 2025Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through <= 2.9.12.
CVE-2025-58998Cri0.649.80.00Nov 6, 2025Deserialization of Untrusted Data vulnerability in Cristián Lávaque s2Member s2member allows Object Injection.This issue affects s2Member: from n/a through <= 250701.
CVE-2025-58636Cri0.649.80.00Nov 6, 2025Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft gf-infusionsoft allows Object Injection.This issue affects WP Gravity Forms Keap/Infusionsoft: from n/a through <= 1.2.3.
CVE-2025-53242Cri0.649.80.00Nov 6, 2025Deserialization of Untrusted Data vulnerability in VictorThemes Seil seil allows Object Injection.This issue affects Seil: from n/a through <= 1.7.1.
CVE-2025-49393Cri0.649.80.00Nov 6, 2025Deserialization of Untrusted Data vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Object Injection.This issue affects Sign-up Sheets: from n/a through <= 2.3.2.
CVE-2025-62025Cri0.649.80.00Oct 22, 2025Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch.This issue affects JobSearch: from n/a through < 3.0.8.
CVE-2025-60238Cri0.649.80.00Oct 22, 2025Deserialization of Untrusted Data vulnerability in universam UNIVERSAM universam-demo allows Object Injection.This issue affects UNIVERSAM: from n/a through <= 9.04.02.
CVE-2025-60232Cri0.649.80.00Oct 22, 2025Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection.This issue affects KBx Pro Ultimate: from n/a through <= 8.0.5.
CVE-2025-60225Cri0.649.80.00Oct 22, 2025Deserialization of Untrusted Data vulnerability in AncoraThemes BugsPatrol bugspatrol allows Object Injection.This issue affects BugsPatrol: from n/a through <= 1.5.0.
CVE-2025-60224Cri0.649.80.00Oct 22, 2025Deserialization of Untrusted Data vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Object Injection.This issue affects Subscribe to Download: from n/a through <= 2.0.9.
CVE-2025-60221Cri0.649.80.00Oct 22, 2025Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection.This issue affects Captivate Sync: from n/a through <= 3.0.3.
CVE-2025-60216Cri0.649.80.00Oct 22, 2025Deserialization of Untrusted Data vulnerability in BoldThemes Addison addison allows Object Injection.This issue affects Addison: from n/a through < 1.4.8.
CVE-2025-60214Cri0.649.80.00Oct 22, 2025Deserialization of Untrusted Data vulnerability in BoldThemes Goldenblatt goldenblatt allows Object Injection.This issue affects Goldenblatt: from n/a through < 1.3.0.
CVE-2025-60213Cri0.649.80.00Oct 22, 2025Deserialization of Untrusted Data vulnerability in Whitebox-Studio Scape scape allows Object Injection.This issue affects Scape: from n/a through <= 1.5.13.