CWE-502

Deserialization of Untrusted Data

MITRE

No catalog description on file. The MITRE CWE site has the canonical reference.

CVEs (total)

Critical

High

Medium

Low

Severity distribution

Recent CVEs

showing 50 of 90

CVE-2026-41699High· 8.1EPSS 0%16 h ago
Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a pagi
CVE-2025-23006Critical· 9.8KEVEPSS 50%19 h ago
SonicWall SMA1000 Appliances Deserialization Vulnerability
CVE-2024-8069High· 8.0KEVEPSS 48%19 h ago
Citrix Session Recording Deserialization of Untrusted Data Vulnerability
CVE-2018-2628Critical· 9.8KEVEXPLOITEPSS 94%19 h ago
Oracle WebLogic Server Unspecified Vulnerability
CVE-2024-40711Critical· 9.8KEVEPSS 70%19 h ago
Veeam Backup and Replication Deserialization Vulnerability
CVE-2022-41082High· 8.0KEVEXPLOITEPSS 91%19 h ago
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2020-2555Critical· 9.8KEVEXPLOITEPSS 93%19 h ago
Oracle Multiple Products Remote Code Execution Vulnerability
CVE-2024-38094High· 7.2KEVEPSS 70%19 h ago
Microsoft SharePoint Deserialization Vulnerability
CVE-2021-31010High· 7.5KEVEPSS 1%19 h ago
Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability
CVE-2015-4852Critical· 9.8KEVEXPLOITEPSS 93%19 h ago
Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability
CVE-2025-26399Critical· 9.8KEVEPSS 31%19 h ago
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
CVE-2025-24016Critical· 9.9KEVEXPLOITEPSS 94%19 h ago
Wazuh Server Deserialization of Untrusted Data Vulnerability
CVE-2022-21445Critical· 9.8KEVEPSS 92%19 h ago
Oracle ADF Faces Deserialization of Untrusted Data Vulnerability
CVE-2022-31199Critical· 9.8KEVEPSS 6%19 h ago
Netwrix Auditor Insecure Object Deserialization Vulnerability
CVE-2021-39144High· 8.5KEVEXPLOITEPSS 94%19 h ago
XStream Remote Code Execution Vulnerability
CVE-2023-29300Critical· 9.8KEVEPSS 94%19 h ago
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
CVE-2023-46604Critical· 10.0KEVEXPLOITEPSS 94%19 h ago
Apache ActiveMQ Deserialization of Untrusted Data Vulnerability
CVE-2025-42999Critical· 9.1KEVEPSS 39%19 h ago
SAP NetWeaver Deserialization Vulnerability
CVE-2018-15133High· 8.1KEVEXPLOITEPSS 84%19 h ago
Laravel Deserialization of Untrusted Data Vulnerability
CVE-2021-26857High· 7.8KEVEPSS 41%19 h ago
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2020-0618High· 8.8KEVEXPLOITEPSS 94%19 h ago
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
CVE-2024-28986Critical· 9.8KEVEPSS 80%19 h ago
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
CVE-2018-4939Critical· 9.8KEVEPSS 51%19 h ago
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
CVE-2026-20963Critical· 9.8KEVEPSS 8%19 h ago
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
CVE-2023-0669High· 7.2KEVEXPLOITEPSS 94%19 h ago
Fortra GoAnywhere MFT Remote Code Execution Vulnerability
CVE-2019-10068Critical· 9.8KEVEXPLOITEPSS 94%19 h ago
Kentico Xperience Deserialization of Untrusted Data Vulnerability
CVE-2026-45247Critical· 9.8KEVEPSS 6%19 h ago
Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability
CVE-2025-59287Critical· 9.8KEVEXPLOITEPSS 66%19 h ago
Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability
CVE-2017-12149Critical· 9.8KEVEXPLOITEPSS 94%19 h ago
Red Hat JBoss Application Server Remote Code Execution Vulnerability
CVE-2021-44228Critical· 10.0KEVEXPLOITEPSS 94%19 h ago
Apache Log4j2 Remote Code Execution Vulnerability
CVE-2025-0994High· 8.8KEVEPSS 75%19 h ago
Trimble Cityworks Deserialization Vulnerability
CVE-2017-9805High· 8.1KEVEXPLOITEPSS 94%19 h ago
Apache Struts Deserialization of Untrusted Data Vulnerability
CVE-2020-17144High· 8.4KEVEPSS 92%19 h ago
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2022-47986Critical· 9.8KEVEXPLOITEPSS 94%19 h ago
IBM Aspera Faspex Code Execution Vulnerability
CVE-2025-5086Critical· 9.0KEVEPSS 41%19 h ago
Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability
CVE-2023-21529High· 8.8KEVEPSS 27%19 h ago
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
CVE-2025-40551Critical· 9.8KEVEXPLOITEPSS 87%19 h ago
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
CVE-2020-10189Critical· 9.8KEVEXPLOITEPSS 94%19 h ago
Zoho ManageEngine Desktop Central File Upload Vulnerability
CVE-2025-49113Critical· 9.9KEVEXPLOITEPSS 90%19 h ago
RoundCube Webmail Deserialization of Untrusted Data Vulnerability
CVE-2020-5741High· 7.2KEVEXPLOITEPSS 35%19 h ago
Plex Media Server Remote Code Execution Vulnerability
CVE-2025-53690Critical· 9.0KEVEPSS 5%19 h ago
Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability
CVE-2019-18935Critical· 9.8KEVEXPLOITEPSS 94%19 h ago
Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability
CVE-2019-9874Critical· 9.8KEVEPSS 88%19 h ago
Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2018-1000861Critical· 9.8KEVEXPLOITEPSS 94%19 h ago
Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability
CVE-2019-0344Critical· 9.8KEVEPSS 40%19 h ago
SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability
CVE-2021-35587Critical· 9.8KEVEXPLOITEPSS 94%19 h ago
Oracle Fusion Middleware Unspecified Vulnerability
CVE-2021-42321High· 8.8KEVEXPLOITEPSS 94%19 h ago
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2018-0824High· 8.8KEVEXPLOITEPSS 92%19 h ago
Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability
CVE-2021-42237Critical· 9.8KEVEXPLOITEPSS 94%19 h ago
Sitecore XP Remote Command Execution Vulnerability
CVE-2023-40044Critical· 10.0KEVEXPLOITEPSS 94%19 h ago
Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability

CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.