Security Intel Hub 410— Search: deserialization

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 3.7
Roundcube: Fix Arbitrary File Write via Unsafe Deserialization in redis/newcache Session Handler
github.com · 2026-04-03

### Vulnerability Overview This screenshot presents a security fix commit (Commit 44e4d99) in the Roundcube email client. It addresses an **arbitrary file write vulnerability** caused by **unsafe dese…

CVE-502: RCE via Unsafe Pickle Deserialization in Async Inference Pipeline
github.com · 2026-04-24

# Vulnerability Summary ## Overview - **Vulnerability ID**: CVE-502 (Deserialization of Untrusted Data) - **Description**: In the asynchronous inference pipeline, there exist unsafe calls to `pickle.l…

ZI-SA-2026-002: Arbitrary Code Execution via Unsafe Deserialization in LabOne Q | Zurich Instruments
www.zhinst.com · 2026-05-01

# Summary of Deserialization Vulnerability in Zurich Instruments LabOne Q ## Vulnerability Overview * **Vulnerability ID**: ZI-SA-2026-002 * **Vulnerability Type**: Unsafe Deserialization * **CVSS Sco…

SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditi
github.com · 2026-06-13

### Vulnerability Overview The `FileSystemTicketStore` in the SimpleSAMLphp `casserver` module contains a path traversal vulnerability, allowing remote attackers to read, deserialize, and delete targe…

Ray CVE-2024-2056 RCE via Parquet Cloudpickle Deserialization
github.com · 2026-05-09

### Vulnerability Overview A critical security vulnerability (CVE-2024-2056) has been identified in the Ray project, allowing attackers to execute arbitrary code through crafted Parquet files. This vu…

RCE in langgraph-checkpoint JsonPlusSerializer via Unsafe Deserialization
github.com · 2025-11-09

## Vulnerability Overview ### Vulnerability Name RCE in "json" mode of JsonPlusSerializer ### Affected Versions langgraph-checkpoint 3.0 ### Vulnerability Description Prior to version 3.0, JsonPlusSer…

CVSS 8.2
CVE-2024-4843 LangChain Unsafe Deserialization Vulnerability Advisory
github.com · 2026-05-27

### Vulnerability Overview **Vulnerability Name**: Unsafe deserialization of attacker-controlled LangChain objects through overly broad `load()` allowlist **CVE ID**: CVE-2024-4843 **CVSS v3 base metr…

bitsery/CHANGELOG.md at master · fraillt/bitsery · GitHub
github.com · 2026-05-26

### Vulnerability Overview In version 5.2.5 (2025-10-09), a security vulnerability was identified. This vulnerability involves a security issue during the deserialization process, specifically: a craf…

RCE via Unsafe Deserialization in jsonpickle.loads
huntr.com · 2025-07-12

## Critical Vulnerability Information ### Vulnerability Description - **Type**: Unsafe Deserialization (`jsonpickle.loads`) - **Impact**: Remote Code Execution (RCE) - **Cause**: The `jsonpickle.loads…

gleam-lang: Fix toml deserialization validation bypass allowing config tampering
github.com · 2026-06-02

### Vulnerability Overview This vulnerability involves a security issue in the `toml` deserialization process within the `gleam-lang/gleam` project. Specifically, it manifests as a lack of strict vali…

CVE-2022-2265 Replicant Insecure Deserialization RCE
morielharush.github.io · 2026-04-02

# Replicant: When Deserialization Starts Writing Your Scripts ## Vulnerability Overview **Replicant** is an npm package for advanced JavaScript serialization and deserialization. This vulnerability (C…

CVSS 5.3
MetaGPT Unsafe Deserialization RCE in Message.check_instruct_content with POC
github.com · 2026-06-02

### Vulnerability Overview **Title**: [Security] Unsafe deserialization in Message.check_instruct_content() leads to code execution #2038 **Description**: The `metagpt/schema.py:Message.check_instruct…

CVSS 6.5
Apache ActiveMQ CVE-2023-46604 RCE Vulnerability Analysis and Mitigation
www.wordfence.com · 2026-05-08

# Vulnerability Summary ## Overview * **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) * **Vulnerability Type**: Remote Code Execution (RCE) * **Cause**: Th…

Red Hat JBoss EAP 6.4.20 Security Update (RHSA-2018:1450)
access.redhat.com · 2025-11-11

### Vulnerability Key Information - **Announcement ID**: RHSA-2018:1450 - **Release Date**: 2018-05-14 - **Update Date**: 2018-05-14 - **Type/Severity**: Important - **Subject**: Red Hat JBoss Enterpr…

Apache ActiveMQ CVE-2023-46604 RCE Vulnerability Summary
go.dev · 2026-05-22

# Vulnerability Summary ## Vulnerability Overview **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) **Vulnerability Description**: Apache ActiveMQ is a popul…

CVSS 7.5
openITCOCKPIT v5.3.1 Unsafe PHP Deserialization Vulnerability Analysis
github.com · 2026-02-21

# Critical Vulnerability Summary ## Affected Products and Versions - **Product**: openITCOCKPIT Community Edition - **Version**: v5.3.1 ## Vulnerability Category - Insecure Deserialization - PHP Objec…

CVSS 7.3
Bitser v5.2.4 Unsafe Deserialization Vulnerability Analysis with POC
gist.github.com · 2026-05-26

### Vulnerability Overview An insecure deserialization vulnerability has been discovered in Bitser v5.2.4 and earlier versions. This vulnerability allows type confusion, which can lead to address leak…

Apache Fury/PyFury Deserialization Bypass and RCE Vulnerabilities (CVE-2026-50076/48207) Advisory
fory.apache.org · 2026-06-13

### Vulnerability Overview Apache Fury contains multiple security vulnerabilities, primarily involving bypasses of deserialization checks and denial of service (DoS) issues. ### Affected Versions 1. *…

www.wordfence.com · 2026-05-05

# Vulnerability Summary ## Vulnerability Overview **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) **Description**: Apache ActiveMQ is an open-source messag…

CVSS 3.7
NutzBoot LiteRPC Unauthenticated Java Deserialization RCE
github.com · 2025-12-04

### Key Information Extraction #### Affected Products - NutzBoot (LiteRPC + Loach modules) #### Version Information - **Affected Versions**: 2.6.0-SNAPSHOT (current dev branch, check specific commits …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.