Security Intel Hub 302 — Search: deserialization

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Telerik UI for WinForms Unsafe Deserialization Vulnerability (CVE-2024-10013) Advisory
docs.telerik.com · 2024-11-17

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: Unsafe Deserialization Vulnerability (10013) 2. **Description**: - Produ…

Chainer CVE-2024-48206 Deserialization Vulnerability Analysis
gist.github.com · 2024-11-03

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability ID**: CVE-2024-48206 2. **Description**: Chainer v7.8.1.post1 contains a vulnera…

PyTorch Distributed RPC RemoteModule Deserialization RCE Vulnerability with PoC
rumbling-slice-eb0.notion.site · 2024-11-03

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Type**: Distributed RPC Framework RemoteModule has Deserialization RCE in pytorc…

Consensys gnark Deserialization DoS via Crafted Inputs (GHSA-cph5-3pgr-c82g)
github.com · 2024-11-03

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Title**: Out-of-memory during deserialization with crafted in…

pac4j-core Java Deserialization RCE (CVE-2023-25581)
securitylab.github.com · 2024-10-12

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability ID and Name**: - Vulnerability ID: GHSL-2022-085 - Vulnerability Name: Java dese…

CVE-2024-47561: Apache Avro Java SDK Arbitrary Code Execution via Schema Parsing
lists.apache.org · 2024-10-07

### CVE-2024-47561: Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) #### Key Information from the Webpage Screenshot: 1. **Severity**: Critical 2. **Affected Versions*…

Apache Lucene Replicator Deserialization Vulnerability Advisory (CVE-2024-45772)
lists.apache.org · 2024-10-01

### Key Information - **Vulnerability ID**: CVE-2024-45772 - **Vulnerability Name**: Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue - **Release Platform*…

Apache Batik/FOP/XML Graphics Commons SSRF/XXE/Deserialization Vulnerabilities Summary (CVE-2022-44729 etc.)
xmlgraphics.apache.org · 2024-10-10

From this webpage screenshot, the following key information about vulnerabilities can be obtained: 1. **Apache Batik Project - Apache Batik Security**: - Batik 1.17: SSRF vulnerability CVE-2022-44729 …

Apache Seata Hessian Deserialization RCE Vulnerability (CVE-2024-22399) Advisory
lists.apache.org · 2024-09-17

### Key Information - **CVE Number**: CVE-2024-22399 - **Vulnerability Name**: Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server - **Release Date**: …

Kibana YAML Deserialization RCE Vulnerabilities (CVE-2024-37288/37285) and Mitigation
discuss.elastic.co · 2024-09-10

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability Description**: - **Title**: Kibana arbitrary code execution via YAML deserialization in Am…

SolarWinds ARM Hardcoded Creds Auth Bypass & Deserialization RCE (CVE-2024-28990/28991)
documentation.solarwinds.com · 2024-09-13

From this webpage screenshot, the following key information about the vulnerabilities can be obtained: 1. **Vulnerability IDs and Descriptions**: - **CVE-2024-28990**: SolarWinds Access Rights Manager…

H2O Unauthenticated RCE via Unrestricted JDBC URL Injection Leading to Deserialization and Command Execution
spear-shield.notion.site · 2024-09-07

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Type**: Unauthenticated Remote Code Execution (RCE). 2. **Vulnerability Descript…

Apache Camel CVE-2026-40858 Unsafe Deserialization Vulnerability Advisory
camel.apache.org · 2026-04-27

# Apache Camel Security Advisory: CVE-2026-40858 ## Vulnerability Overview - **Severity**: High - **Summary**: An insecure deserialization vulnerability exists in the Camel-Infinispan component. - **D…

Apache Camel Mina Unsafe Deserialization RCE (CVE-2026-40473)
camel.apache.org · 2026-04-27

# Apache Camel Security Advisory: CVE-2026-40473 ## Vulnerability Overview - **Severity**: Medium - **Summary**: An insecure deserialization vulnerability exists in the `MinaConverter.toObjectInput()`…

Apache Camel JMS Deserialization RCE Vulnerability (CVE-2026-40860) Advisory
camel.apache.org · 2026-04-27

# Apache Camel Security Advisory: CVE-2026-40860 ## Vulnerability Overview Apache Camel contains an insecure JMS deserialization vulnerability. When the `mapJmsMessage` option is enabled (enabled by d…

Roundcube Webmail 1.6.14 Security Update: Fixes Arbitrary File Write, IMAP Injection, XSS
github.com · 2026-04-03

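# Roundcube Webmail 1.6.14 Security Update Summary ### Vulnerability Overview Roundcube Webmail 1.6.14 has been released. It is a security update intended to fix several serious, recently reported security vulnerabilities. ### Vulnerability Details This update fixes the following specific vulnerabilities: * **Arbitrary file write**: an insecure deserialization vulnerability in the Redis rememberme session handler (reported by PiyushGPTY). * **Password re…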

llama.cpp RPC RCE Patch: Fix in deserialize_tensor_info
github.com · 2026-04-02

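### Vulnerability Fix Summary **Vulnerability Overview** This commit record shows a critical security fix in the `llama.cpp` project (a C++-based Llama model inference library). The commit message is explicitly labeled `rpc : RCE patch (#20980)`, indicating that the patch fixes a remote code execution (RCE) vulnerability in the RPC module, effectively preventing attackers from achieving remote code execution through crafted malicious data. **Scope of Impact** - **Repository**: `ngml/ll…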

SolarWinds Web Help Desk Multiple High-Severity Vulnerabilities (RCE, Auth Bypass, Hardcoded Credentials)
documentation.solarwinds.com · 2026-01-28

### Critical Vulnerability Information #### Fixed CVEs | CVE-ID | Vulnerability Title | Description | Severity | Discoverer | | --- | --- | --- | --- | --- | | CVE-2025-4056 | SolarWinds Web Help Desk…

IBM Cloud Pak for Business Automation Security Bulletin: Multiple CVEs including Container Escape and RCE
www.ibm.com · 2025-05-05

### Critical Vulnerability Information #### Vulnerability Overview - **Announcement**: This security announcement addresses multiple security vulnerabilities in IBM Cloud Pak for Business Automation v…

Apache Storm 2.x RCE (CVE-2026-35337) and Stored XSS (CVE-2026-35565) Advisory
storm.apache.org · 2026-04-18

### Vulnerability Overview #### CVE-2026-35337 - Untrusted Data Deserialization Vulnerability - **Description**: When processing topology credentials submitted via the Nimbus Thrift API, Storm deseria…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
