CVE-2026-24385

NONE EPSS 0.06%

Mar 05, 2026

Updated Mar 05, 2026

Deserialization

Parameter	Value
Type	CWE-502 (Deserialization of Untrusted Data)
Vendor	Deserialization
Public PoC	No

Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object Injection.This issue affects Podlove Web Player: from n/a through <= 5.9.1.

Weakness Type (CWE)

CWE-502 Deserialization of Untrusted Data

References 1

https://patchstack.com/database/Wordpress/Plugin/podlove-web-player/vulnerabili…

audit@patchstack.com

Share Post Share Share Share

CVE Details

CVE ID

CVE-2026-24385

Published Date

Mar 05, 2026

Vendor

Deserialization

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.06%

Likelihood of exploitation in next 30 days

Percentile: 19.0th percentile (higher than 19.0% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

View Advisory

Menu

CVE-2026-24385

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Menu

CVE-2026-24385

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Stay informed on cybersecurity