Security Intel Hub 302— Search: deserialization

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Apache ActiveMQ CVE-2023-46604 RCE Vulnerability Analysis and POC
www.wordfence.com · 2026-04-19

# Vulnerability Summary ## Overview * **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) * **Vulnerability Type**: Remote Code Execution (RCE) * **Root Cause*…

Apache ActiveMQ CVE-2023-46604 RCE via OpenWire Deserialization with POC
www.wordfence.com · 2026-04-19

# Vulnerability Summary ## Overview * **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) * **Vulnerability Type**: Remote Code Execution (RCE) * **Root Cause*…

CF Image Hosting Script 1.6.5 Unauthenticated Data Deletion via Insecure Direct Object Reference
www.exploit-db.com · 2026-04-18

# CF Image Hosting Script 1.6.5 Vulnerability Summary ## Vulnerability Overview - **Vulnerability Title**: CF Image Hosting Script 1.6.5 - (Delete all Pictures) Privilege Escalation - **EDB-ID**: 4609…

MLflow Stored XSS via YAML Deserialization and Authorization Bypass
afine.com · 2026-04-10

### Vulnerability Overview This webpage reveals two critical security vulnerabilities within the MLflow platform: 1. **Stored XSS (via YAML Deserialization)**: * The MLflow frontend uses the insecure …

Tinyproxy Transfer-Encoding Case Sensitivity Bypass Leading to DoS/WAF Bypass
github.com · 2026-04-07

### Vulnerability Summary: Tinyproxy HTTP Request Parsing Deserialization Vulnerability **1. Vulnerability Overview** Tinyproxy contains a **case-sensitivity** error when processing the `Transfer-Enco…

Roundcube Webmail 1.7 RC5 Security Update: Fixes Pre-Auth File Write, SSRF, XSS, and CSRF
github.com · 2026-04-03

### Roundcube Webmail Security Update Summary **Vulnerability Overview** Roundcube Webmail has released version 1.7 RC5, addressing multiple critical security vulnerabilities reported recently. Key fi…

Rack Rack::Files Content-Length Header Mismatch Vulnerability Analysis
github.com · 2026-04-03

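# Vulnerability Summary ## 1. Vulnerability Overview - **Title**: 'Content-Length' mismatch in 'Rack::Files' error responses - **Description**: In the Rack framework, when the `Rack::Files` middleware handles a request for a nonexistent file, the returned `Content-Length` header value is based on `String#lengt…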

CVE-2020-34031: NPD in libClccTagLut16.so::Write()
github.com · 2026-04-02

NPD in ClccTagLut16:Write() **Summary:** scikit-learn provides libraries for interacting with, manipulating, and applying machine learning algorithms. A null pointer dereference (NPD) vulnerability ex…

CVE-2026-34202: Zebra Node Remote Denial of Service via Crafted V5 Transaction
github.com · 2026-04-02

## CVE-2026-34202: Remote Denial of Service Vulnerability (Crafted V5 Transaction) ### Vulnerability Overview A vulnerability exists in Zebra's transaction processing logic, allowing remote unauthenti…

JDBC Connection Injection: Arbitrary File Read and RCE via Driver Injection
www.yuque.com · 2026-02-22

### Key Information Summary #### Vulnerability Type - **JDBC Connection Injection** #### Description - In the `importChanel` endpoint of `ImportDataController`, the application accepts user-controlled…

HubSpot Jinjava Sandbox Bypass RCE (CVE-2026-25526)
github.com · 2026-02-05

## Key Information ### Vulnerability Overview - **CVE ID**: CVE-2026-25526 - **Severity**: Critical - **Vulnerability Type**: Sandbox Bypass / Remote Code Execution - **Affected Package**: `com.hubspo…

Fickling <=v0.1.6 cProfile Module Blacklist Bypass Leading to RCE
github.com · 2026-01-20

### Vulnerability Key Information - **Vulnerability Name:** Fickling Blocklist Bypass: cProfile.run() - **Severity:** High - **Affected Versions:** = v0.1.7 - **CVE ID:** None - **Weaknesses:** CWE-18…

IBM Concert Software Multiple Vulnerabilities (CVE-2022-41856-41867) Advisory
www.ibm.com · 2025-09-02

### Critical Vulnerability Information #### Vulnerability Overview - **CVE ID**: Multiple CVEs, including CVE-2022-41856, CVE-2022-41857, etc. - **Description**: Multiple security vulnerabilities exis…

Volcengine VeriL RCE via Unsafe Model Deserialization (CVE-2025-50461)
github.com · 2025-08-20

### Key Information #### Vulnerability Overview - **CVE ID**: CVE-2025-50461 - **Vulnerability Type**: Remote Code Execution (RCE) via unsafe model deserialization in VeriL - **Status**: Reserved, not…

Adobe ColdFusion Critical Vulnerabilities Fix: RCE, File Read, Auth Bypass (CVE-2025-30466, 30444, 30288, 30286, 30287)
helpx.adobe.com · 2025-04-10

### Critical Vulnerability Information #### Vulnerability Overview - **Advisory ID**: APSB25-15 - **Release Date**: April 8, 2025 - **Priority**: 1 Adobe has released security updates for ColdFusion 2…

Nuxt Client-Side Path Traversal in Island Mechanism
github.com · 2025-09-19

### Critical Vulnerability Information #### Vulnerability Overview - **Type**: Client-side Path Traversal Vulnerability - **Affected Versions**: >=3.6.0 =4.0.0 =3.19.0 =4.1.0 - **Severity**: Low (CVSS…

F Prime SpacePacketDeframer Buffer Overflow Fix
github.com · 2026-04-22

# Vulnerability Summary ## Vulnerability Overview This submission fixes multiple security issues related to buffer overflows and invalid data assertions, mainly involving: - Filename overflow handling…

Fix MQTT 5.0 WebSocket Session Resume Subinfo Handling Bug in EMQX
github.com · 2026-04-02

Based on the webpage screenshot provided by the user, I extracted the following key information: 1. **Vulnerability Overview:** * **Title:** Fix MQTT session resume bug of subinfo in WebSocket transpo…

Synology Photo Station Multiple Critical Vulnerabilities (CVE-2017-11151~11155) Analysis
www.synology.com · 2025-11-14

### Key Information **Vulnerability Details** - **CVE IDs**: - CVE-2017-11151 - CVE-2017-11152 - CVE-2017-11153 - CVE-2017-11154 - CVE-2017-11155 - **Severity**: Critical - **Status**: Resolved **Affe…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
