Security Intel Hub 302— Search: deserialization

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Pyro 3.x Unsafe Pickle Deserialization Leads to Unauthenticated RCE
github.com · 2026-04-18

# Vulnerability Overview Pyro 3.x contains an insecure pickle deserialization vulnerability. An attacker can send a specially crafted serialized payload to a Pyro 3.x server and exploit Python’s `pick…

OpenAM Deserialization Bypass of CVE-2021-35464 Leading to RCE
github.com · 2026-04-08

### Vulnerability Summary: OpenAM Deserialization Remote Code Execution **Vulnerability Overview** OpenAM 16.0.5 (and earlier versions) contains a deserialization vulnerability (a variant/bypass of CV…

vBulletin 5.x Deserialization RCE Exploit Analysis
karmainsecurity.com · 2025-05-28

From this webpage screenshot, the following key information about the vulnerability can be obtained: ### Vulnerability Overview - **Vulnerability Type**: N-Day vBulletin RCE (Remote Code Execution) - …

Pipecast LivekitFrameSerializer Pickle Deserialization RCE (GHSA-c3jg-5cp7-6wc7)
github.com · 2026-04-24

# Vulnerability Summary: Pipecast Remote Code Execution Vulnerability ## Overview * **Vulnerability Name**: Remote Code Execution (RCE) caused by Pickle deserialization via `LivekitFrameSerializer` * …

cryptidy Python Library Untrusted Deserialization RCE via pickle.loads
github.com · 2025-10-31

### Key Information Summary #### Vulnerability Overview - **CVE ID**: Not assigned - **Vulnerability Type**: CWE-502: Deserialization of Untrusted Data - **Impact**: Remote Code Execution (RCE), Infor…

FreeScout CVE-2020-5436 Unserialization RCE Vulnerability Analysis
github.com · 2025-07-30

### Critical Vulnerability Information #### Vulnerability Overview - **Vulnerability Type**: Remote Code Execution (RCE) due to deserialization of untrusted data - **CVE ID**: CVE-2020-5436 - **CVSS v…

CraftCMS Commerce RCE via SQLi and PHP Deserialization (CVE-2026-52271)
github.com · 2026-04-18

# Vulnerability Summary: craftcms/commerce Remote Code Execution Vulnerability ## Overview This vulnerability exists in the TotalRevenue widget of `craftcms/commerce`. An attacker can leverage an SQL …

OpenTelemetry .NET gRPC RetryDelay Deserialization Fix
github.com · 2026-04-24

### Vulnerability Overview The webpage screenshot illustrates an issue related to deserialization of `GrpcStatusDetailsHeader`, specifically the functionality of retrieving `GrpcRetryDelay` from `Grpc…

NXT Plugin Fix: Unauthorized Access and PHP Deserialization Vulnerability
plugins.trac.wordpress.org · 2026-01-27

### Key Information 1. **Enhanced Security Measures** - Removed `wp_ajax_nopriv_*` actions that could be triggered by unauthenticated users, to prevent security risks caused by unauthorized access. 2.…

Hugging Face LeRobot Async Inference gRPC Unpickle RCE (#3047)
github.com · 2026-04-24

# Vulnerability Summary: Insecure Pickle Deserialization Vulnerability in Hugging Face /lerobot Asynchronous Inference ## Overview - **Vulnerability ID**: #3047 - **Vulnerability Type**: CWE-502 - Des…

TYPO3 FileSpool Deserialization Hardening (CVE-2026-0859)
github.com · 2026-01-20

### Key Information **1. Vulnerability Type** ``` [SECURITY] Hardening message deserialization in FileSpool transport ``` **2. Vulnerability Description** - **Issue**: Serialized messages using the de…

FunAdmin v7.1.0-rc4 Unsafe Deserialization Leading to Arbitrary File Write
github.com · 2026-02-22

### Critical Vulnerability Information - **Product Information** - Product Name: FunAdmin - PHP Version: 8.2.9 - FunAdmin Version: v7.1.0-rc4 - Product Link: [https://gitee.com/funadmin/funadmin](http…

FunAdmin v7.1.0-rc4 Insecure Deserialization Leads to Arbitrary File Write
github.com · 2026-02-22

## Vulnerability Key Information ### Product Information - Product: [https://gitee.com/funadmin/funadmin](https://gitee.com/funadmin/funadmin) - PHP Version: 8.2.9 - FunAdmin Version: v7.1.0-rc4 ### V…

SinGooCMS.Utility Deserialization Vulnerability (CVE-2022-0749)
snyk.io · 2025-11-08

# Vulnerability Information ## Vulnerability Name Deserialization of Untrusted Data ## Affected Scope - **Affected Package**: singooocms.utility - **Affected Versions**: [0, ] ## Vulnerability Details…

Python pickle Deserialization RCE Vulnerability and PoC Analysis
github.com · 2025-09-26

### Key Information #### Vulnerability Overview - **Vulnerability Type**: Remote Code Execution (RCE) - **Affected Endpoint**: `/calculate` - **Cause**: Unsafe deserialization of user-provided data us…

Python pickle Deserialization RCE Vulnerability and PoC Analysis
github.com · 2025-09-26

### Key Information Summary #### Vulnerability Overview - **Type**: Remote Code Execution (RCE) vulnerability - **Location**: `experiments.robot.bridge.reasoning_server::run_reasoning_server` - **Desc…

Unbounded Memory Allocation in Deserialization · Advisory · ndsev/zserio · GitHub
github.com · 2026-04-25

# Unbounded Memory Allocation in Deserialization (CVE-2026-3524) ## Vulnerability Overview * **Vulnerability Name**: Unbounded Memory Allocation in Deserialization * **CVE ID**: CVE-202…

Clipboard deserialization global-buffer-overflow · Advisory · deskflow/deskflow · GitHub
github.com · 2026-04-25

### Vulnerability Overview - **Vulnerability Name**: Clipboard deserialization global-buffer-overflow - **Vulnerability Type**: Remote memory safety vulnerability, specifically a global buffer overflo…

Apache ActiveMQ OpenWire Deserialization RCE Vulnerability and POC
ntfy.com · 2026-04-24

# Vulnerability Summary ## Overview This vulnerability involves a deserialization flaw in the **OpenWire protocol** of **Apache ActiveMQ**. An attacker can craft malicious packets and exploit the dese…

LeRobot Unsafe Deserialization RCE via gRPC (Pickle)
www.vulncheck.com · 2026-04-24

# LeRobot Insecure Deserialization Remote Code Execution Vulnerability (gRPC) ### Vulnerability Overview An insecure deserialization vulnerability exists in LeRobot’s asynchronous inference pipeline. …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.