Vulnerability Name CVE Severity
.NET HTTP Remoting publicly exposed
.NET JSON.NET Deserialization RCE
AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758)
Apache Log4j socket receiver deserialization vulnerability CVE-2017-5645
Apache OFBiz SOAPService Deserialization RCE CVE-2021-26295
Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496) CVE-2020-9496
Apache Shiro Deserialization RCE CVE-2016-4437
Apache Solr Deserialization of untrusted data via jmx.serviceUrl CVE-2019-0192
CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability CVE-2010-4335
ColdFusion Access Control bypass with WDDX Deserialization RCE (CVE-2023-29298/CVE-2023-29300) CVE-2023-29298 CVE-2023-29300
ColdFusion AMF Deserialization RCE CVE-2017-3066
ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360) CVE-2023-26359
ColdFusion FlashGateway Deserialization RCE CVE-2019-7091 CVE-2019-7091
Deserialization of Untrusted Data (.NET BinaryFormatter Object Deserialization)
Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson
Deserialization of Untrusted Data (Java JSON Deserialization) Genson
Deserialization of Untrusted Data (Java JSON Deserialization) Jackson
Deserialization of Untrusted Data (Java JSON Deserialization) JsonIO
Deserialization of Untrusted Data (Java Object Deserialization)
Deserialization of Untrusted Data (XStream)
DNN (DotNetNuke) CMS Cookie Deserialization RCE CVE-2017-9822
Flex BlazeDS AMF Deserialization RCE CVE-2017-5641
ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464) CVE-2021-35464
IBM WebSphere RCE Java Deserialization Vulnerability CVE-2015-7450
Invision Power Board version 3.3.4 unserialize PHP code execution CVE-2012-5692
Java object deserialization of user-supplied data
Kentico CMS Deserialization RCE
Liferay TunnelServlet Deserialization Remote Code Execution
node-serialize Insecure Deserialization CVE-2017-5941
Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587) CVE-2021-35587
Oracle ADF Faces 'Miracle' RCE (CVE-2022-21445) CVE-2022-21445
Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950 CVE-2020-2950
Oracle E-Business Suite Deserialization RCE
Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725 CVE-2019-2725
Oracle Weblogic WLS-WSAT Component Deserialization RCE CVE-2017-3506 CVE-2017-10271
PHP object deserialization of user-supplied data
PHP unserialize() used on user input
Python object deserialization of user-supplied data
Python pickle serialization
Ruby on Rails DoubleTap RCE (CVE-2019-5420)
SAP Hybris Deserialization RCE
Sitecore XP Deserialization RCE (CVE-2021-42237)
Telerik Web UI RadAsyncUpload Deserialization CVE-2019-18935
vBulletin PHP object injection vulnerability
WS_FTP AHT Deserialization RCE (CVE-2023-40044)