Security Intel Hub 407— Search: 反序列化×

dromara dataCompare ≤1.0.1 JDBC URL Injection Leading to RCE/Arbitrary File Read

Based on the information in the web page screenshot, the following key details about the vulnerability can be extracted: ### Vulnerability Description - **Vulnerability Type**: Arbitrary File Read and…

Zebra 4.3.0 Security Advisory: Fixes for CVE-2026-34202 (DoS) and CVE-2026-34377 (Consensus Failure)

### Vulnerability Key Information Summary #### 1. Vulnerability Overview This page discloses two critical security vulnerabilities related to the Zebra 4.3.0 version: * **CVE-2026-34202 (Critical, CVS…

Oracle WebLogic Server wls-wsat RCE Vulnerability (CVE-2022-22421) Analysis and PoC

### Vulnerability Summary **Vulnerability Overview** * **CVE ID:** CVE-2022-22421 * **Vulnerability Type:** Remote Code Execution (RCE) * **Affected Component:** `wls-wsat` module in Oracle WebLogic S…

LangChain f-string Template Injection Vulnerability Fix Analysis

### Vulnerability Overview The prompt templates in the LangChain core library are susceptible to **f-string template injection** vulnerabilities. Attackers can construct malicious f-string template in…

LangChain Prompt Template Injection Vulnerability Fix

# Vulnerability Summary: LangChain Prompt Template Injection Fix ## Vulnerability Overview This commit fixes a security vulnerability in the LangChain core library's Prompt templates. The previous imp…

free5GC UDR CVE-2025-0249 Policy Data Subscription Handling Flaw

### Vulnerability Overview - **Vulnerability Name**: UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut - **Vulnerability Description**: In the free5GC UDR service, the `/nudr/dr/v2/pol…

Apache Camel Security Advisory - CVE-2026-40048 - Apache Camel

# Apache Camel Security Advisory: CVE-2026-40048 ## Vulnerability Overview **Severity**: HIGH **Summary**: Insecure deserialization vulnerability (`FileBasedKeyLifecycleManager`) exists in the Camel-P…

Jenkins Security Advisory: 7 Plugin Vulnerabilities (CVE-2026-42519 to 42525)

# Jenkins Security Advisory 2026-04-29 Vulnerability Summary ## Vulnerability Overview This advisory covers 7 security vulnerabilities, involving issues such as missing permission checks, path travers…

CVEs/README.md at main · j4kb4dw0lf/CVEs · GitHub

# CVE-2025-63547 & CVE-2025-63548 Vulnerability Summary ## CVE-2025-63547: Denial of Service via Zero-Length MTU Allocation * **Vulnerability Type**: Unsafe packet validation (Denial of Service) * **A…

Agent crashes when receiving invalid Boolean values (not 0 or 1) · Issue #389 · eProsima/Micro-XRCE-DDS-Agent

# Vulnerability Summary ## Overview **Title**: Agent crashes when receiving invalid Boolean values (not 0 or 1) #389 **Status**: Closed (Fixed) **Reporter**: jakb4dw0lf **Fixer**: 4nth **Description**…

# Vulnerability Summary ## Overview - **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) - **Vulnerability Type**: Remote Code Execution (RCE) - **Root Cause*…

Allocation Amplification in Inbound Network Deserializers · Advisory · ZcashFoundation/zebra · GitHub

# Vulnerability Overview **CVE-XXXX-XXXX: Allocation Amplification in Inbound Network Deserialization** Zebra's multiple inbound deserialization paths utilize buffer allocations targeted at general tr…

CVE-2026-31214 | Notion

# CVE-2026-31214 Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: CVE-2026-31214 - **Vulnerability Type**: Insecure Deserialization - **Vulnerability Description**: The `torch…

CVE-2026-31221 | Notion

# CVE-2026-31221 Vulnerability Summary ## Vulnerability Overview PyTorch Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CVE-502) in their checkpoint loading me…

CVE-2026-31229 | Notion

# CVE-2026-31229 Vulnerability Summary ## Overview **CVE-2026-31229** is an **insecure `torch.load` deserialization vulnerability** (CWE-502) present in the Adversarial Robustness Toolbox (ART). When …

CVE-2026-31232 | Notion

# CVE-2026-31232 Vulnerability Summary ## Overview **CVE-2026-31232** is an **unsafe `torch.load` deserialization vulnerability** (CWE-502) within the CosyVoice project. When CosyVoice's Web UI loads …

CVE-2026-31239 | Notion

# CVE-2026-31239 Vulnerability Summary ## Vulnerability Overview - **Vulnerability ID**: CVE-2026-31239 - **Vulnerability Type**: Unsafe `torch.load` deserialization vulnerability - **Affected Compone…

CVE-2026-31249 | Notion

# CVE-2026-31249 Vulnerability Summary ## Overview **CVE-2026-31249** is an **unsafe deserialization vulnerability** (CWE-502) in the CosyVoice data preprocessing tool `make_parquet_list.py`. The vuln…

更新日志 - Oinone | Oinone

# Vulnerability Summary ## Vulnerability Overview In the v7.2 version release notes, several security vulnerabilities were fixed, including: - Fixed multi-tenant Redis Key prefix matching issue - Fixe…