Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stre
CVE-2025-59287
CRITICAL CVSS 9.8 KEV
Find Similar
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated use
CVE-2026-3422
CRITICAL CVSS 9.3
Find Similar
U-Office Force developed by e-Excellence has a Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
CVE-2024-49147
CRITICAL CVSS 9.8
Find Similar
Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-21531
CRITICAL CVSS 9.8
Find Similar
Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.
CVE-2025-53078
CRITICAL CVSS 9.8
Find Similar
Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system
Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.
CVE-2026-33819
CRITICAL CVSS 9.8
Find Similar
Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.
CVE-2026-9319
CRITICAL CVSS 9.0
Find Similar
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.