Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Security Intel Hub 302— Search: 反序列化×

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Clear
Examples: RCE · SSRF · GHSA · log4j
Apache Jackrabbit Untrusted Data Deserialization Vulnerability (CVE-2025-58782)
lists.apache.org · 2025-09-09

### Key Information #### Vulnerability ID CVE-2025-58782 #### Affected Components - Apache Jackrabbit Core - Apache Jackrabbit JCR Commons #### Affected Versions - Apache Jackrabbit Core (org.apache.j…

Read more
NVIDIA NeMo Framework Untrusted Data Deserialization Vulnerability (CVE-2025-23303)
www.cve.org · 2025-08-15

### Critical Vulnerability Information - **CVE ID**: CVE-2025-23303 - **Release Date**: 2025-08-13 - **Update Date**: 2025-08-13 - **CNA**: NVIDIA Corporation #### Description NVIDIA NeMo Framework fo…

Read more
NVIDIA NeMo Framework Deserialization & Code Injection Vulnerabilities (CVE-2025-23303/23304)
nvidia.custhelp.com · 2025-08-15

### Critical Vulnerability Information #### Vulnerability Details | CVE ID | Description | Vector | Base Score | Severity | CWE | Impact | |--------|-------------|--------|------------|----------|----…

Read more
TensorFlow Keras Deserialization Bypass Safe Mode for RCE
jfrog.com · 2025-08-12

From this webpage screenshot, the following key information about the vulnerability can be extracted: - **Title**: Is TensorFlow Keras "Safe Mode" Really Safe? Bypassing Safe Mode for Arbitrary Code E…

Read more
Kanboard <=1.2.46 Unsafe Deserialization RCE (CVE-2020-5070)
github.com · 2025-08-13

### Key Information #### Vulnerability Type - **Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events** #### Affected Versions - **Affected versions**: <= 1.2.46 - **Patched v…

Read more
CVE-2025-50460: ModelScope ms-swift PyYAML Deserialization RCE
github.com · 2025-08-02

### Critical Vulnerability Information #### Vulnerability Overview - **CVE ID**: CVE-2025-50460 - **Status**: RESERVED - **Description**: In the `modelscope/ms-swift` project, a Remote Code Execution …

Read more
PrestaShop simpleimportproducts PHP Deserialization Vulnerability Analysis
github.com · 2025-08-02

### Key Information #### 0x01 Affected Versions - **Vendor**: PrestaShop - **Affected Versions**: PrestaShop 8.2.0, PHP 7.x module `simpleimportproducts` #### 0x02 Vulnerability Description - **Vulner…

Read more
ModelScope ms-swift Unserialization RCE Vulnerability Analysis
github.com · 2025-08-02

### Key Information Summary #### 1. Vulnerability Overview and Impact - **Vulnerability Type**: ModelScope Ms-Swift ModelFileSystemCache deserialization of untrusted data leading to remote code execut…

Read more
DataEase H2 JDBC Deserialization RCE Vulnerability (CVE-2021-42392) Analysis
github.com · 2025-07-06

From this webpage screenshot, the following key information about the vulnerability can be obtained: ### Vulnerability Overview - **Vulnerability Name**: Dataease H2 JDBC Connection Remote Code Execut…

Read more
CVE-2025-32896: Apache SeaTunnel Unauthenticated Arbitrary File Read and Deserialization
lists.apache.org · 2025-07-06

## CVE-2025-32896: Apache SeaTunnel - Unauthenticated Insecure Access ### Severity: Moderate ### Affected Versions: - Apache SeaTunnel 2.3.1 through 2.3.10 ### Description: #### Summary Unauthorized u…

Read more
Trend Micro Endpoint Encryption Untrusted Data Deserialization RCE (CVE-2025-49212)
www.zerodayinitiative.com · 2025-07-06

### Critical Vulnerability Information - **Vulnerability Name**: Trend Micro Endpoint Encryption PolicyValueTableSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerabili…

Read more
Trend Micro Endpoint Encryption Deserialization RCE Vulnerability (CVE-2025-49212)
www.zerodayinitiative.com · 2025-07-06

### Critical Vulnerability Information - **Vulnerability Name**: Trend Micro Endpoint Encryption DeserializeFromBase64String Deserialization of Untrusted Data Remote Code Execution Vulnerability - **Z…

Read more
Weaver OA CNVD-2021-01627 Pre-Auth Bypass & Deserialization Patch
service.seeyon.com · 2025-07-06

### Key Information #### Vulnerability Name Pre-Login Interface Privilege Escalation Patch (autoinstall) [CNVD-2021-01627] #### Release Date February 21, 2021 #### Issues Addressed 1. Pre-login method…

Read more
phpwcms FeedImport Module PHAR Deserialization Vulnerability Analysis
vuldb.com · 2025-06-04

From this webpage screenshot, the following key information about the vulnerability can be extracted: - **Title**: phpwcms 1.10.8 phar deserialization vulnerability - **Description**: - The phpwcms co…

Read more
Kaleris Navis N4 Deserialization RCE Vulnerability (CVE-2023-2923) Advisory
www.cisa.gov · 2025-07-06

### Critical Vulnerability Information #### 1. Vulnerability Overview - **CVE ID**: CVE-2023-2923 - **Severity**: High (enables remote attacks with low complexity) - **Vendor**: Kaleris - **Affected D…

Read more
basestation3 QC.py pickle Deserialization RCE Vulnerability Analysis
github.com · 2025-05-20

### Key Information Summary #### Vulnerability Description - **Issue**: In the `load_qc_pickl()` function of the `QC.py` file, Python's `pickle.load()` method is used to deserialize file data without …

Read more
pypickle pickle deserialization RCE vulnerability and fix
github.com · 2025-05-27

### Critical Vulnerability Information #### Vulnerability Description - **Issue**: The `load()` function in `pypickle.py` uses Python's `pickle.load()` to deserialize data from files, without validati…

Read more
pypickle pickle deserialization RCE vulnerability and fix
github.com · 2025-05-27

### Critical Vulnerability Information #### Vulnerability Description - **Issue**: The `load()` function in `pypickle.py` uses Python's `pickle.load()` to deserialize data from files, without validati…

Read more
RCE via Unsafe Deserialization in basestation3 QC.py load_qc_pickl
github.com · 2025-05-20

### Key Information Summary #### Vulnerability Description - **Vulnerability Type**: Remote Code Execution (RCE) via unsafe deserialization - **Affected File**: QC.py - **Affected Function**: load_qc_…

Read more
RCE via Unsafe Deserialization in basestation3 QC.py load_qc_pickl
github.com · 2025-05-20

### Key Information Summary #### Vulnerability Description - **Vulnerability Type**: Remote Code Execution (RCE) - **Cause**: Insecure deserialization via `pickle.load()` in the `load_qc_pickl()` func…

Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.