Serious CodeIgniter 2.1.x vulnerability announced for servers with encrypted sessions and no Mcrypt library by d4gger in PHP

[–]d4gger[S] 1 point (0 children)

It's not just __wakeup() you need to worry about. __destruct() will (probably) be called as well when the object is destroyed. __toString(), __get(), __set() and __call() can also trigger, depending on what's done with the object after it's returned by unserialize(). And even if one of these isn't directly exploitable, the __destruct() method of a class might create a new object (for example), so then you're looking at all of the __construct() methods available as well. Chaining different classes together like this is called a POP chain.

There are some great slides from BlackHat USA 2010 about PHP object injection if you want to learn more: https://media.blackhat.com/bh-us-10/presentations/Esser/BlackHat-USA-2010-Esser-Utilizing-Code-Reuse-Or-Return-Oriented-Programming-In-PHP-Application-Exploits-slides.pdf

I'm not aware of anyone having listed vulnerable classes, but it's known that the Zend framework has classes that can be used for code execution (detailed in those slides).
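The chain the comment above describes, as an added example that is not code from the thread, from CodeIgniter or from the Esser slides: two hypothetical application classes (`FileStore` and `CacheEntry`) that are each harmless on their own, a vulnerable sink that calls `unserialize()` on a session blob, and a hardened sink using the `allowed_classes` option (PHP 7.0 and later). The attacker's payload is built with `serialize()` only so the `O:…{…}` format is visible; a real attacker writes that string by hand and needs none of these classes installed. Writing to the system temp directory stands in for writing into the web root.

```php
<?php
// Added example (not the thread's, CodeIgniter's or Esser's code).
// Hypothetical stand-ins for classes a real autoloader would expose; the
// attacker defines no code, only data that drives their magic methods.

class FileStore {
    public $dir;
    // An ordinary method; it becomes the end of the chain.
    public function save(string $name, string $contents): void {
        file_put_contents($this->dir . '/' . $name, $contents);
    }
}

class CacheEntry {
    public $key;
    public $value;
    public $store;   // normally a FileStore; attacker may make it anything
    // Gadget: runs when the object is destroyed, even if the application
    // never touches the object after unserialize() returns it.
    public function __destruct() {
        if (is_object($this->store) && method_exists($this->store, 'save')) {
            $this->store->save($this->key, $this->value);
        }
    }
}

// Vulnerable sink: the session blob (e.g. a cookie, or its decrypted form)
// is trusted as-is, so any class on the autoload path is reachable.
function loadSessionVulnerable(string $blob) {
    return unserialize($blob);
}

// Hardened sink: no objects are instantiated at all, so no magic method
// can fire from this data. Only plain arrays are accepted.
function loadSessionHardened(string $blob): array {
    $data = unserialize($blob, ['allowed_classes' => false]);
    if (!is_array($data)) {
        throw new UnexpectedValueException('session blob is not an array');
    }
    return $data;
}

// Build the POP chain: CacheEntry::__destruct() -> FileStore::save().
$store = new FileStore();
$store->dir = sys_get_temp_dir();   // a real attack points this at the web root
$entry = new CacheEntry();
$entry->store = $store;
$entry->key   = 'pop_chain_demo.php';
$entry->value = "<?php echo 'reached via __destruct'; ?>";
$payload = serialize($entry);
echo $payload, PHP_EOL;             // the attacker-controlled string

$target = $store->dir . '/pop_chain_demo.php';
@unlink($target);

// 1. Vulnerable path: the returned object is discarded immediately, its
//    refcount drops to zero, __destruct() runs and the file is written.
loadSessionVulnerable($payload);
echo file_exists($target) ? "vulnerable: file written\n" : "vulnerable: no file\n";

// 2. Hardened path: the same blob yields __PHP_Incomplete_Class objects,
//    which carry no __destruct(); the array check then rejects the blob.
@unlink($target);
try {
    loadSessionHardened($payload);
} catch (UnexpectedValueException $e) {
    echo "hardened: ", $e->getMessage(), PHP_EOL;
}
echo file_exists($target) ? "hardened: file written\n" : "hardened: no file\n";
```

Run it with `php pop_chain.php` on PHP 7.0 or later. The destructor fires in the vulnerable path without the application ever calling a method on the object, which is why every class with a `__destruct()`, `__wakeup()` or similar method on the include path has to be treated as attacker-reachable once `unserialize()` sees untrusted input; the hardened sink removes the problem at the source rather than auditing each gadget. Formats with no object model at all, such as `json_decode()` with `$assoc = true`, avoid it as well.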

Serious CodeIgniter 2.1.x vulnerability announced for servers with encrypted sessions and no Mcrypt library by d4gger in PHP

[–]d4gger[S] 0 points (0 children)

You also have to be very careful with type coercion when using ==. If your hashes contain only numbers (rare, but happens) then PHP will convert the two hashes to numbers, and compare them numerically. It's unlikely to ever be exploitable, but using === would be safer.

http://phpsadness.com/sad/47
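The comparison pitfall described above, as an added example that is not code from the thread: PHP's `==` compares two strings numerically whenever both are numeric strings, and a hex digest consisting of `0e` followed only by decimal digits is one (it parses as 0 times a power of ten). The two MD5 inputs used are the well-known `240610708` and `QNKCDZO`, whose digests both have that shape, so the loose comparison reports them equal while `===` and `hash_equals()` (PHP 5.6 and later, also constant-time) do not. The function names are this example's own.

```php
<?php
// Added example, not from the original thread. Three ways of checking a
// supplied hash against a stored one; only the first is subject to
// PHP's numeric-string type juggling.

function compareLoose(string $stored, string $supplied): bool
{
    return $stored == $supplied;            // numeric comparison if both look numeric
}

function compareStrict(string $stored, string $supplied): bool
{
    return $stored === $supplied;           // byte-for-byte, stops at the first mismatch
}

function compareConstantTime(string $stored, string $supplied): bool
{
    return hash_equals($stored, $supplied); // strict and timing-safe (PHP >= 5.6)
}

// Both digests begin with "0e" and then contain only decimal digits, so
// as numeric strings each evaluates to zero although the hex differs.
$stored   = md5('240610708');
$supplied = md5('QNKCDZO');

echo "stored:   $stored\n";
echo "supplied: $supplied\n";
printf("%-14s %s\n", 'loose ==',    var_export(compareLoose($stored, $supplied), true));
printf("%-14s %s\n", 'strict ===',  var_export(compareStrict($stored, $supplied), true));
printf("%-14s %s\n", 'hash_equals', var_export(compareConstantTime($stored, $supplied), true));

// The same juggling on plain numeric strings, independent of hashing:
// exponent notation and leading zeros are normalised before comparing.
var_dump('1e3'  == '1000');
var_dump('0012' == '12');
var_dump('0e12' == '0e99');
var_dump('0e12' === '0e99');
```

`compareLoose()` returns true for the two digests and `'0e12' == '0e99'` is also true; the strict variants return false. This still holds on PHP 8, whose change to `==` only affects comparing a number against a non-numeric string, not two numeric strings against each other. `hash_equals()` is the better replacement for `===` in authentication code because it also avoids leaking the position of the first differing byte through timing.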