Security Intel Hub 302— Search: deserialization

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

PyTorch 1.12.0 Series DoS Vulnerabilities (CVE-2022-35984~35991)
gist.github.com · 2025-09-26

### Critical Vulnerability Information #### CVE-2022-35984 - **Type**: DoS (Denial of Service) - **Product**: PyTorch - **Version**: 1.12.0 - **Description**: Serializing PyTorch objects containing a …

IBM AppScan Multiple High-Severity Vulnerabilities (CVE-2021-43875 etc.) and Remediation
www.ibm.com · 2025-08-02

### Critical Vulnerability Information #### Vulnerability Overview - **CVE IDs**: CVE-2021-43875, CVE-2021-43897, CVE-2021-43940, CVE-2021-43961, CVE-2021-43973, CVE-2021-43980, CVE-2021-43985, CVE-20…

XStream BinaryStreamDriver DoS via Stack Overflow (CVE-2024-47072)
x-stream.github.io · 2024-11-11

### Key Information #### Vulnerability Description - **CVE ID**: CVE-2024-47072 - **Affected Versions**: All versions up to and including version 1.4.20, if using XStream's BinaryStreamDriver. - **Des…

CVE-2026-23751: Kofax Capture Unauthenticated File Read/Write and SMB Coercion via .NET Remoting
gist.github.com · 2026-04-24

# Vulnerability Summary: Kofax Capture Unauthorized File Read/Write and SMB Coercion Vulnerability ## Vulnerability Overview * **Vulnerability Title**: Tungsten Automation - Kofax Capture Unauthentica…

AMF Missing Default Case in Content-Type Switch (CVE-2025-41136)
github.com · 2026-04-22

# [AMF] Missing default case in Content-Type switch in HTTPUEContextTransfer ## Vulnerability Overview In the file `internal/sbi/api/communication.go`, the `HTTPUEContextTransfer` function processes t…

Apache ActiveMQ CVE-2023-46604 RCE Vulnerability Analysis and POC
www.wordfence.com · 2026-04-19

# Vulnerability Summary ## Overview * **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) * **Vulnerability Type**: Remote Code Execution (RCE) * **Root Cause*…

Valtimo Cloud: Sensitive Data Logging & Null Safety Fixes
github.com · 2026-04-18

### Vulnerability Overview - **Title**: Inbox & SSE event mapper: sensitive data logging, silent exceptions, and null safety issues #653 - **Status**: Closed - **Tags**: Bug, Commuter, Security - **Af…

free5gc UDR Unauthorized Information Disclosure (SUPI Leakage)
github.com · 2026-04-18

# UDR nudr-dr influenceData/subs-to-notify SUPI Leakage Vulnerability Summary ## Vulnerability Overview In the 5G core network UDR service, there exists an unauthorized information disclosure vulnerab…

Dataease GHSA-944x-93jf-h3rx Arbitrary File Read via JDBC Parameter Bypass and POC
github.com · 2026-04-18

# Arbitrary File Read Vulnerability ## Overview * **Vulnerability Type**: Arbitrary File Read * **Severity**: High * **Vulnerability ID**: GHSA-944x-93jf-h3rx * **Affected Component**: `io.dataease` (…

LangChain CVE-2024-40087: Incomplete f-string Validation Allowing Attribute Access
github.com · 2026-04-10

# Vulnerability Summary: Incomplete f-string Validation in LangChain Prompt Templates ## 1. Vulnerability Overview * **CVE ID:** CVE-2024-40087 * **CVSS Score:** 5.3 / 10 (Moderate) * **Core Issue:** …

LangChain langchain-core Prompt Template Attribute Access Vulnerability Leading to RCE and Fix
github.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** A security vulnerability exists in the Prompt Template component of the LangChain core library (`langchain-core`). Attackers can access high-risk P…

CVE-2026-33509: Non-admin RCE in payload-ng via insecure storage_folder config
github.com · 2026-04-08

# CVE-2026-33509 Vulnerability Summary ## Vulnerability Overview This vulnerability stems from an incomplete fix for CVE-2026-33509. Although an `ADMIN_ONLY_OPTION` was added to restrict non-admin use…

Vale-MCP Command Injection Vulnerability (CWE-78) Analysis and Fix
github.com · 2026-04-06

### Vulnerability Summary: Vale-MCP Command Injection Vulnerability (CWE-78) **1. Vulnerability Overview** * **Vulnerability Name**: Command Injection Vulnerability in Vale-MCP * **Vulnerability Type*…

Microsoft Exchange Server CVE-2021-40527 Remote Code Execution Vulnerability Advisory
github.com · 2026-04-02

Based on the provided webpage screenshot, this is a detailed information page for vulnerability CVE-2021-40527. Below is a summary of the key information: **Vulnerability Overview** * **Vulnerability …

CVE-2026-21619: Unsafe Deserialization in Erlang hex_core
github.com · 2026-02-28

## Vulnerability Key Information ### Vulnerability Overview **Name**: Unsafe Deserialization of Erlang Terms in hex_core **Reporter**: maennchen **Published**: 1 hour ago **CVE ID**: CVE-2026-21619 ##…

UJCMS 10.0.2 JDBC Connection Injection Vulnerability Analysis
vuldb.com · 2026-02-22

## Critical Vulnerability Information - **Vulnerability Title**: ujcms 10.0.2 JDBC Connection Injection - **Vulnerability Description**: - In the `ImportDataController`'s `importChannel` endpoint, the…

Hyland OnBase Unauthenticated .NET Remoting RCE (CVE-2026-26221)
www.vulncheck.com · 2026-02-21

## Critical Vulnerability Information ### Vulnerability Name Hyland OnBase Timer Services Unauthenticated .NET Remoting RCE ### Severity Level CRITICAL ### Release Date 2/13/2026 ### Affected Versions…

jsonwebtoken Type Confusion Bypasses nbf Validation (CVE-2026-25537)
github.com · 2026-02-05

## Critical Vulnerability Information - **CVE ID**: CVE-2026-25537 - **Severity**: Medium ### Vulnerability Overview - **Type**: Type confusion vulnerability - **Location**: Declaration validation log…

WordPress Plugin Unauth Access/SQLi/Sensitive Info Disclosure Analysis
plugins.trac.wordpress.org · 2026-01-28

### Critical Vulnerability Information #### 1. Use of Unvalidated Input - **Location**: REST API route handling functions - **Description**: Client-submitted data is not adequately validated, posing p…

CISA ICSA-22-202-04: Mitsubishi/ICONICS Vulnerabilities (RCE/Path Traversal)
www.cisa.gov · 2026-01-20

### Key Information #### Summary - **Title**: ICONICS Suite and Mitsubishi Electric MC Works64 Products (Update B) - **Last Revised**: January 15, 2026 - **Alert ID**: ICSA-22-202-04 - **Related Topic…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.