Security Intel Hub 302— Search: deserialization

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

HuggingFace LeRobot Unauthenticated RCE via Pickle Deserialization (CVE-2026-25874)
chocapikk.com · 2026-04-24

# CVE-2026-25874: HuggingFace LeRobot Deserialization Remote Code Execution Vulnerability ## Vulnerability Overview The asynchronous inference module of HuggingFace’s open-source robotics framework Le…

CVE-2026-26210: RCE via Unsafe Pickle Deserialization in gRPC PolicyServer balance_serve Module
github.com · 2026-04-24

### Vulnerability Overview - **Vulnerability Name**: CVE-2026-26210 - **Description**: In the `balance_serve` module of gRPC PolicyServer, due to the use of the insecure `pickle.loads()` method, an at…

CVE-2026-6857: camel-infinispan Unsafe Deserialization RCE
bugzilla.redhat.com · 2026-04-22

# Vulnerability Summary ## Overview - **CVE ID**: CVE-2026-6857 - **Vulnerability Name**: camel-infinispan: Remote Code Execution via Unsafe Deserialization - **Status**: NEW - **Priority**: high - **…

OpenMage LTS Phar Deserialization RCE (CVE-2026-25524) Advisory and POC
github.com · 2026-04-21

# Phar Deserialization Leads to Remote Code Execution (RCE) ## Vulnerability Overview OpenMage LTS has a deserialization vulnerability when handling `phar://` stream wrapper paths. An attacker can upl…

v20.17.0 Security Advisory: Phar Deserialization, Path Traversal, Upload Bypass
github.com · 2026-04-21

### Vulnerability Overview In version `v20.17.0`, the following security vulnerabilities exist: 1. **Downgraded composer/composer (#5477)** 2. **Phar Deserialization (#5461)** 3. **Customer File Uploa…

Fortra GoAnywhere MFT Deserialization RCE Vulnerability
www.fortra.com · 2026-04-21

## Vulnerability Overview Fortra GoAnywhere MFT contains a remote code execution vulnerability caused by an insecure deserialization issue in the `getTask` method of the `TaskServiceImpl` class within…

Apache ActiveMQ CVE-2023-46604 Deserialization RCE Vulnerability and POC
www.wordfence.com · 2026-04-19

# Vulnerability Summary ## Overview * **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) * **Vulnerability Type**: Deserialization Vulnerability * **Descripti…

Apache ActiveMQ CVE-2023-46604 Deserialization RCE Vulnerability Analysis
www.wordfence.com · 2026-04-19

# Vulnerability Overview **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) **Vulnerability Description**: Apache ActiveMQ is a popular open-source message br…

OpenCart MaxD Lightning Module Deserialization Vulnerability (CVE-2025-0974)
vuldb.com · 2026-04-19

### Vulnerability Overview - **Vulnerability Name**: MaxD Lightning Module 4.43/4.44 on OpenCart li_op/md deserialization - **Vulnerability ID**: CVE-2025-0974 - **Vulnerability Type**: Deserializatio…

DataEase Deserialization RCE via Quartz and Commons-Collections POC
github.com · 2026-04-18

# Vulnerability Summary: Quartz Deserialization Leads to Remote Code Execution (RCE) ## Vulnerability Overview The official DataEase image includes the `velocity-1.7.jar` dependency, which relies on t…

CVE-2026-5426: Digital Knowledge KnowledgeDeployer ViewState Deserialization RCE
github.com · 2026-04-18

# Vulnerability Summary: MNDT-2026-0009 ## Overview - **Vulnerability ID**: MNDT-2026-0009 - **CVE ID**: CVE-2026-5426 - **Description**: The KnowledgeDeployer deployment may use a pre-shared ASP.NET …

Keras TFSMLayer Arbitrary Code Execution via Unsafe Deserialization
github.com · 2026-04-18

# Keras TFSMLayer Deserialization Vulnerability Summary ## Vulnerability Overview Keras's `TFSMLayer` has a security vulnerability when deserializing external `SavedModel`s. An attacker can create mal…

Pachno 1.0.6 FileCache Deserialization RCE Vulnerability and POC
www.zeroscience.mk · 2026-04-18

# Pachno 1.0.6 FileCache Deserialization Remote Code Execution Vulnerability ## Vulnerability Overview Pachno is an open-source collaboration platform for team project management, issue tracking, and …

Red Hat Quay CVE-2026-32590 Pickle Deserialization RCE
bugzilla.redhat.com · 2026-04-09

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **CVE ID:** CVE-2026-32590 * **Vulnerability Name:** mirror-registry: remote code execution via pickle deserialization (Mirror…

praisonal CVE-2025-39890 YAML Deserialization RCE Vulnerability and PoC
github.com · 2026-04-09

### Vulnerability Summary **Vulnerability Overview** The vulnerability exists in the `AgentService.loadAgentFromFile` method within the `praisonal` package. This method uses the `js-yaml` library to p…

HuggingFace Transformers Trainer Arbitrary Code Execution via Unsafe torch.load (CVE-2026-1839)
huntr.com · 2026-04-07

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **Vulnerability Name:** Arbitrary Code Execution via Unsafe `torch.load()` in Trainer Checkpoint Loading in huggingface/transf…

SGLang Pickle Deserialization RCE (CVE-2026-3989/3990) and Fix Analysis
github.com · 2026-04-08

### Vulnerability Overview The SGLang project contains a critical security vulnerability (CVSS 9.8) stemming from deserialization operations performed by the `pickle.loads()` and `recv_pyobj()` functi…

pytries datrie Unsafe Deserialization Vulnerability (RCE)
vuldb.com · 2026-04-06

### Vulnerability Summary: pytries datrie Deserialization Vulnerability **Vulnerability Overview** This vulnerability exists within the `pytries datrie` library. The `datrie.Trie` class uses the unsaf…

datrie Arbitrary Code Execution via Insecure Deserialization with POC
github.com · 2026-04-06

## Vulnerability Overview **Vulnerability Name**: Arbitrary Code Execution via Insecure Deserialization in datrie.Trie (#109) **Description**: The `datrie.Trie` class contains a vulnerability when des…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
