Vulnerability Name CVE Severity
.NET HTTP Remoting publicly exposed
.NET JSON.NET Deserialization RCE
ActiveMQ OpenWire RCE (CVE-2023-46604) CVE-2023-46604
AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758) CVE-2021-23758
Apache Log4j socket receiver deserialization vulnerability CVE-2017-5645
Apache OFBiz SOAPService Deserialization RCE CVE-2021-26295
Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070) CVE-2020-9496 CVE-2023-49070
Apache Shiro Deserialization RCE CVE-2016-4437
Apache Solr Deserialization of untrusted data via jmx.serviceUrl CVE-2019-0192
CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability CVE-2010-4335
ColdFusion AMF Deserialization RCE CVE-2017-3066
ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360) CVE-2023-26359 CVE-2023-26360
ColdFusion FlashGateway Deserialization RCE CVE-2019-7091 CVE-2019-7091
ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204) CVE-2023-29300 CVE-2023-38203 CVE-2023-38204
ColdFusion WDDX Deserialization RCE (CVE-2023-44353) CVE-2023-44353
Deserialization of Untrusted Data (.NET BinaryFormatter Object Deserialization)
Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson
Deserialization of Untrusted Data (Java JSON Deserialization) Genson
Deserialization of Untrusted Data (Java JSON Deserialization) Jackson CVE-2017-7525
Deserialization of Untrusted Data (Java JSON Deserialization) JsonIO
Deserialization of Untrusted Data (Java Object Deserialization)
Deserialization of Untrusted Data (XStream) CVE-2013-7285 CVE-2020-26258 CVE-2020-26217
DNN (DotNetNuke) CMS Cookie Deserialization RCE CVE-2017-9822 CVE-2017-9822
Flex BlazeDS AMF Deserialization RCE CVE-2017-5641
ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464) CVE-2021-35464
IBM Aspera Faspex RCE (CVE-2022-47986) CVE-2022-47986
IBM WebSphere RCE Java Deserialization Vulnerability CVE-2015-7450
Invision Power Board version 3.3.4 unserialize PHP code execution CVE-2012-5692
Java object deserialization of user-supplied data
Kentico CMS Deserialization RCE CVE-2019-10068
Liferay TunnelServlet Deserialization Remote Code Execution
node-serialize Insecure Deserialization CVE-2017-5941
Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587) CVE-2021-35587
Oracle ADF Faces 'Miracle' RCE (CVE-2022-21445) CVE-2022-21445
Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950 CVE-2020-2950
Oracle E-Business Suite Deserialization RCE
Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725 CVE-2019-2725
Oracle Weblogic WLS-WSAT Component Deserialization RCE CVE-2017-3506 CVE-2017-10271
PHP object deserialization of user-supplied data
PHP unserialize() used on user input
Python object deserialization of user-supplied data
Python pickle serialization
Ruby on Rails DoubleTap RCE (CVE-2019-5420) CVE-2019-5420
SAP Hybris Deserialization RCE CVE-2019-0344
Sitecore XP Deserialization RCE (CVE-2021-42237) CVE-2021-42237
SolarWinds Web Help Desk RCE (CVE-2024-28986) CVE-2024-28986
Telerik Web UI RadAsyncUpload Deserialization CVE-2019-18935
vBulletin PHP object injection vulnerability
WS_FTP AHT Deserialization RCE (CVE-2023-40044) CVE-2023-40044