Security Intel Hub 302— Search: deserialization

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Blockchain Node DoS Fix: Malicious HistoricTransaction Triggers Panic in History Sync
github.com · 2026-04-23

# Vulnerability Summary ## Overview - **Vulnerability Name**: Fix panic triggered by sync node during historical synchronization. - **Description**: A malicious sync node can cause the sync node to cr…

Keras TFSMLayer Bypasses safe_mode Leading to RCE (CVE-2026-1462)
huntr.com · 2026-04-18

# TFSMLayer Bypass `safe_mode=True` Vulnerability Summary ## Vulnerability Overview **CVE-2026-1462** **Severity**: High (8.8) **Affected Component**: `keras-team/keras` (TFSMLayer class) **Core Issue…

free5GC UDR CVE-2025-0249 Policy Data Subscription Handling Flaw
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Name**: UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut - **Vulnerability Description**: In the free5GC UDR service, the `/nudr/dr/v2/pol…

LangChain f-string Template Injection Vulnerability Fix Analysis
github.com · 2026-04-10

### Vulnerability Overview The prompt templates in the LangChain core library are susceptible to **f-string template injection** vulnerabilities. Attackers can construct malicious f-string template in…

LangChain Prompt Template Injection Vulnerability Fix
github.com · 2026-04-10

# Vulnerability Summary: LangChain Prompt Template Injection Fix ## Vulnerability Overview This commit fixes a security vulnerability in the LangChain core library's Prompt templates. The previous imp…

Oracle WebLogic Server wls-wsat RCE Vulnerability (CVE-2022-22421) Analysis and PoC
vuldb.com · 2026-04-03

### Vulnerability Summary **Vulnerability Overview** * **CVE ID:** CVE-2022-22421 * **Vulnerability Type:** Remote Code Execution (RCE) * **Affected Component:** `wls-wsat` module in Oracle WebLogic S…

Zebra 4.3.0 Security Advisory: Fixes for CVE-2026-34202 (DoS) and CVE-2026-34377 (Consensus Failure)
zfnd.org · 2026-04-02

### Vulnerability Key Information Summary #### 1. Vulnerability Overview This page discloses two critical security vulnerabilities related to the Zebra 4.3.0 version: * **CVE-2026-34202 (Critical, CVS…

GoFiber v3 Flash Cookie Unrestricted Memory Allocation DoS (CVE-2026-25899)
github.com · 2026-02-25

### Vulnerability Key Information #### Summary - **Vulnerability Type**: Denial of Service (DoS) via Unrestricted Allocation through Flash Cookie - **CVE ID**: CVE-2026-25899 - **CVSS v3 Base Metrics*…

dromara dataCompare ≤1.0.1 JDBC URL Injection Leading to RCE/Arbitrary File Read
github.com · 2025-11-17

Based on the information in the web page screenshot, the following key details about the vulnerability can be extracted: ### Vulnerability Description - **Vulnerability Type**: Arbitrary File Read and…

Arbitrary Code Execution in pdfminer.six via Crafted PDF (CVE-2025-64512)
github.com · 2025-11-11

### Key Information - **Vulnerability Name**: Arbitrary Code Execution in pdfminer.six via Crafted PDF Input - **Severity**: High (8.6 / 10) - **CVE ID**: CVE-2025-64512 #### **Main Issues** - **Affec…

RHSA-2018:0294: Red Hat JBoss Data Grid 7.1.2 Security Update (CVE-2017-7525/15089/9970)
access.redhat.com · 2025-11-10

## Critical Vulnerability Information **Overview** - **Advisory ID:** RHSA-2018:0294 - **Release Date:** 2018-02-12 - **Update Date:** 2018-02-12 **Type/Severity** - **Severity:** Important **Subject*…

Contao Controller.php Variable Reference Fix
github.com · 2025-08-30

From this webpage screenshot, the following key vulnerability-related information can be extracted: - **Submission Details**: - Submission ID: a03976c - Submitter: fritzmg - Submission Time: Yesterday…

Apache Camel Security Advisory - CVE-2026-40048 - Apache Camel
camel.apache.org · 2026-04-27

# Apache Camel Security Advisory: CVE-2026-40048 ## Vulnerability Overview **Severity**: HIGH **Summary**: Insecure deserialization vulnerability (`FileBasedKeyLifecycleManager`) exists in the Camel-P…

Escargot Serialization Vulnerability Fixes (CVE-2026-25205/25206/25207)
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability ID**: #1554 - **Vulnerability Description**: Fixed several minor issues related to serialization, including: - Introduced a local lambda function in `Shell…

WordPress Contact Form Entries PHP Object Injection (POI) Vulnerability Analysis
plugins.trac.wordpress.org · 2026-01-28

## Key Vulnerability Information - **File**: `contact-form-entries/tags/1.4.6/contact-form-entries.php` - **Function**: `maybe_unserialize($val, array('allowed_classes' => false));` called multiple ti…

CVE: Kiota Code Generation Literal Injection Vulnerability
github.com · 2026-04-23

# CVE Notice: Kiota Code Generation Literal Injection Vulnerability ## Vulnerability Overview Versions of Kiota **prior to 1.31.1** contain a code generation literal injection vulnerability. This issu…

CVE-2024-34064: serialize-javascript DoS via crafted array-like objects
github.com · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview | Item | Content | |:---|:---| | **Vulnerability Name** | Denial of Service (CPU Exhaustion) via crafted array-like objects | | **CV…

TYPO3 sr_feuser_register RCE and IDOR Vulnerabilities (CVE-2025-48200/48205)
typo3.org · 2025-05-22

### Key Information - **Vulnerability ID**: TYPO3-EXT-SA-2025-008 - **Affected Extension**: "Front End User Registration" (sr_feuser_register) - **Vulnerability Types**: - Remote Code Execution (RCE) …

ktransformers CVE-2026-26210 Unauthenticated RCE via Pickle Deserialization
chocapikk.com · 2026-04-24

### Vulnerability Overview **CVE-2026-26210**: Unauthenticated remote code execution (RCE) vulnerability in ktransformers, achieved via pickle deserialization in the ZMQ dispatcher. - **Vulnerability …

CVE-2026-40343: UDR fail-open in PolicyDataSubsToNotifyPost allows unintended subscription creation
github.com · 2026-04-22

### Vulnerability Overview **Title**: UDR fail-open request handling in PolicyDataSubsToNotifyPost may allow unintended subscription creation after input errors **Description**: - **Issue**: In the `P…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
