
Security Intel Hub 302— Search: deserialization

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

datrie Trie Arbitrary Code Execution via Unsafe Pickle Deserialization
github.com · 2026-04-06

# Vulnerability Summary: datrie.Trie Arbitrary Code Execution ## 1. Vulnerability Overview The `Trie` class within the `datrie` library utilizes the unsafe `pickle.load()` method to deserialize intern…

Unsafe Deserialization in Erlang hex_core/rebar3 (CVE-2026-21619)
cna.erlef.org · 2026-04-07

### Vulnerability Overview * **CVE ID**: CVE-2026-21619 * **Vulnerability Name**: Unsafe Deserialization of Erlang Terms in hex_core * **CVSS Score**: 2.0 (Low) * **Vulnerability Type**: Uncontrolled …

Erlang Hex/Rebar3 Unsafe Deserialization Vulnerability (CVE-2026-21619) Advisory
osv.dev · 2026-04-07

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **Vulnerability ID:** `EEF-CVE-2026-21619` (Alias: `CVE-2026-21619`, `GHSA-hx9w-j2w9-9y98`) * **Vulnerability Type:** Unsafe D…

phpBB 3.2.3 Phar Deserialization RCE Exploit (EDB-ID: 46512)
www.exploit-db.com · 2026-04-06

### Vulnerability Summary **Vulnerability Overview** * **Vulnerability Name**: phpBB 3.2.3 - Remote Code Execution (RCE) * **EDB-ID**: 46512 * **CVE ID**: N/A * **Author**: ALLYSHKА * **Type**: WEBAPP…

cfs-GroundSystem pickle.load() Arbitrary Code Execution Vulnerability
github.com · 2026-04-04

## [SECURITY] pickle.load() arbitrary code execution in cfs-GroundSystem #551 **Status:** Open (Unresolved) ### Overview A critical security vulnerability exists in the `cfs-GroundSystem` project due …

Roundcube Webmail 1.5.14 Security Update: Pre-Auth File Write via Deserialization, IMAP Injection, XSS
github.com · 2026-04-03

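### Roundcube Webmail 1.5.14 Security Update Summary **Vulnerability Overview** Roundcube Webmail 1.5.14 has been released, fixing multiple serious security vulnerabilities, including: - **Arbitrary file write**: Unsafe deserialization in the Redis/Memcache session handlers allows arbitrary files to be written without authentication. - **Password change bypass**: Fixed a flaw that allowed a password to be changed without providing the old password. - **IMAP injection /…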

Roundcube Webmail Security Update: SSRF, XSS, Deserialization Fixes
roundcube.net · 2026-04-03

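### Vulnerability Overview Roundcube Webmail has released security updates (versions 1.7-rc5, 1.6.14 and 1.5.14) that fix several recently reported security vulnerabilities. ### Affected Scope - Roundcube Webmail 1.6 and 1.5 LTS versions - Roundcube Webmail 1.7 release candidate (1.7-rc5) ### Remediation Upgrading immediately to one of the following versions is recommended to fix all known vulnerabilities: - **1.…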

Authenticated RCE via PHP Insecure Deserialization in Intermezz/groupoffice
github.com · 2026-04-03

### Vulnerability Summary - **Summary/Description**: This is a remote code execution (RCE) vulnerability caused by insecure PHP deserialization. An authenticated user can execute arbitrary system comm…

NVIDIA BioNeMo Framework Deserialization Vulnerability Advisory (CVE-2026-24164/165)
nvidia.custhelp.com · 2026-04-02

## NVIDIA BioNeMo Framework Security Bulletin - March 2026 ### Vulnerability Overview | CVE ID | Description | Vector | CVSS Score | Severity | CWE | Impact | |--------|------|------|-----------|-----…

NVIDIA BioNeMo Deserialization Vulnerability CVE-2026-24164 Analysis
nvd.nist.gov · 2026-04-02

# CVE-2026-24164 Vulnerability Summary ## Vulnerability Overview | Attribute | Content | |:---|:---| | **CVE ID** | CVE-2026-24164 | | **Status** | AWAITING ANALYSIS | | **Vulnerability Type** | Deser…

WatchGuard Fireware Insecure Deserialization in Access Portal (CVE-2026-4266)
www.watchguard.com · 2026-04-02

### Vulnerability Key Information Summary **Vulnerability Overview** * **Name**: WatchGuard Firebox Insecure Deserialization in Fireware Access Portal * **CVE ID**: CVE-2026-4266 * **Description**: An…

mchange-commons-java JNDI Deserialization RCE Vulnerability (CVE-2026-27727)
github.com · 2026-02-26

## Critical Vulnerability Information ### Vulnerability Description - **Title**: mchange-commons-java prior to v0.4.0 can be dangerously abused to download and execute malicious code - **Publisher**: …

LangGraph BaseCache Deserialization RCE (CVE-2026-27794)
github.com · 2026-02-26

## Vulnerability Overview - **Vulnerability Identifier**: ZDI-CAN-28385 - **Vulnerability Descrip…

WooCommerce Custom Product Tabs Lite 1.9.1 Update: Potential SQLi and Deserialization Risks
plugins.trac.wordpress.org · 2026-02-26

### Key Information #### Changeset - **ID**: 3226839 - **Timestamp**: 01/22/2025 12:34:55 PM - **Author**: SkyVerge - **Message**: Committing 1.9.1 to trunk - **Location**: woocommerce-custom-product-…

CVE-2026-27830: c3p0 Java Deserialization RCE Vulnerability
github.com · 2026-02-26

### Critical Vulnerability Information #### Overview - **Title**: c3p0 prior to v0.12.0 can be dangerously abused to download and execute malicious code - **Publisher**: swaldman - **CVE ID**: CVE-202…

Apache Camel camel-leveldb Deserialization RCE (CVE-2026-25747) Analysis and Exploitation
github.com · 2026-02-23

### Vulnerability Key Information Summary #### 1. Vulnerability Overview - **CVE ID**: CVE-2026-25747 - **Component**: camel-leveldb - **Affected Class**: DefaultLevelDBSerializer.java - **Vulnerable …

datapizza-ai Redis Cache Unsafe Deserialization RCE via pickle.loads()
github.com · 2026-02-23

### Summary - **Vulnerability:** Unsafe Deserialization via pickle.loads() in datapizza-ai Redis cache. - **Impact:** Allows Remote Command Execution on the server host. - **CVSSv3:** HIGH 7.9/10 - **…

datapizza-ai v0.0.7 Unsafe Deserialization in Redis Cache via pickle.loads()
github.com · 2026-02-23

### Key Information Summary - **Vulnerability Type**: Unsafe Deserialization - **Affected Component**: `pickle.loads()` in `datapizza-ai Redis cache` - **CVSS Score**: 7.9 (High) - Base Score 3.1 (per…

datapizza-ai 0.0.2 Deserialization Vulnerability (CVE-2026-2970)
vuldb.com · 2026-02-23

- **Vulnerability Description**: A critical vulnerability in `datapizza-labs datapizza-ai 0.0.2`, affecting the `RedisCache` function in `cache/redis/cache.py`. Data deserialization issue can occur wi…

CVE-2026-26208: ADB Explorer Insecure Deserialization RCE
github.com · 2026-02-21

### Vulnerability Key Information #### Vulnerability Overview - **Vulnerability Type**: Insecure Deserialization leading to Remote Code Execution (RCE) - **Source**: ADB Explorer - **Vulnerability ID*…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
