Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

Security Intel Hub 407— Search: 反序列化×

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Clear
Examples: RCE · SSRF · GHSA · log4j
Filter
CraftCMS Commerce RCE via SQLi and PHP Deserialization (CVE-2026-52271)
github.com · 2026-04-18

# Vulnerability Summary: craftcms/commerce Remote Code Execution Vulnerability ## Overview This vulnerability exists in the TotalRevenue widget of `craftcms/commerce`. An attacker can leverage an SQL …

Read more
www.wordfence.com · 2026-05-03

# Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) * **Vulnerability Type**: Remote Code Execution (RCE) *…

Read more
www.wordfence.com · 2026-05-05

# Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) * **Vulnerability Type**: Remote Code Execution (RCE) *…

Read more
H2O Unauthenticated RCE via Unrestricted JDBC URL Injection Leading to Deserialization and Command Execution
spear-shield.notion.site · 2024-09-07

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Type**: Unauthenticated Remote Code Execution (RCE). 2. **Vulnerability Descript…

Read more
CVSS 9.9
Kibana YAML Deserialization RCE Vulnerabilities (CVE-2024-37288/37285) and Mitigation
discuss.elastic.co · 2024-09-10

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability Description**: - **Title**: Kibana arbitrary code execution via YAML deserialization in Am…

Read more
Premium intel
CVSS 9.0
SolarWinds ARM Hardcoded Creds Auth Bypass & Deserialization RCE (CVE-2024-28990/28991)
documentation.solarwinds.com · 2024-09-13

From this webpage screenshot, the following key information about the vulnerabilities can be obtained: 1. **Vulnerability IDs and Descriptions**: - **CVE-2024-28990**: SolarWinds Access Rights Manager…

Read more
Apache Seata Hessian Deserialization RCE Vulnerability (CVE-2024-22399) Advisory
lists.apache.org · 2024-09-17

### Key Information - **CVE Number**: CVE-2024-22399 - **Vulnerability Name**: Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server - **Release Date**: …

Read more
CVSS 5.1
Apache Lucene Replicator Deserialization Vulnerability Advisory (CVE-2024-45772)
lists.apache.org · 2024-10-01

### Key Information - **Vulnerability ID**: CVE-2024-45772 - **Vulnerability Name**: Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue - **Release Platform*…

Read more
CVE-2024-47561: Apache Avro Java SDK Arbitrary Code Execution via Schema Parsing
lists.apache.org · 2024-10-07

### CVE-2024-47561: Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) #### Key Information from the Webpage Screenshot: 1. **Severity**: Critical 2. **Affected Versions*…

Read more
Apache Batik/FOP/XML Graphics Commons SSRF/XXE/Deserialization Vulnerabilities Summary (CVE-2022-44729 etc.)
xmlgraphics.apache.org · 2024-10-10

From this webpage screenshot, the following key information about vulnerabilities can be obtained: 1. **Apache Batik Project - Apache Batik Security**: - Batik 1.17: SSRF vulnerability CVE-2022-44729 …

Read more
pac4j-core Java Deserialization RCE (CVE-2023-25581)
securitylab.github.com · 2024-10-12

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability ID and Name**: - Vulnerability ID: GHSL-2022-085 - Vulnerability Name: Java dese…

Read more
Chainer CVE-2024-48206 Deserialization Vulnerability Analysis
gist.github.com · 2024-11-03

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability ID**: CVE-2024-48206 2. **Description**: Chainer v7.8.1.post1 contains a vulnera…

Read more
PyTorch Distributed RPC RemoteModule Deserialization RCE Vulnerability with PoC
rumbling-slice-eb0.notion.site · 2024-11-03

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Type**: Distributed RPC Framework RemoteModule has Deserialization RCE in pytorc…

Read more
CVSS 5.5
Consensys gnark Deserialization DoS via Crafted Inputs (GHSA-cph5-3pgr-c82g)
github.com · 2024-11-03

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Title**: Out-of-memory during deserialization with crafted in…

Read more
Premium intel
CVSS 7.8
Telerik UI for WinForms Unsafe Deserialization Vulnerability (CVE-2024-10013) Advisory
docs.telerik.com · 2024-11-17

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: Unsafe Deserialization Vulnerability (10013) 2. **Description**: - Produ…

Read more
Premium intel
CVSS 10.0
Siemens TeleControl Server Basic V3.1 Insecure Deserialization Vulnerability (CVSS 10.0)
cert-portal.siemens.com · 2024-11-17

### SSA-454789: Deserialization Vulnerability in TeleControl Server Basic V3.1 #### Key Information from the Webpage: 1. **Publication Date:** - 2024-11-12 2. **Last Update:** - 2024-11-12 3. **Curren…

Read more
CVSS 7.3
Siemens Engineering Platforms Session-Memory Deserialization Vulnerability (SSA-871035)
cert-portal.siemens.com · 2024-11-17

### Key Information #### Vulnerability Description - **Vulnerability ID**: SSA-871035 - **Vulnerability Name**: Session-Memory Deserialization Vulnerability - **Affected Products**: Siemens Engineerin…

Read more
Hugging Face Transformers Untrusted Data Deserialization RCE (CVE-2024-11392)
www.zerodayinitiative.com · 2024-11-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: (0Day) Hugging Face Transformers MobileViTV2 Deserialization of Untruste…

Read more
CVE-2023-51641: Allegra renderFieldMatch Untrusted Data Deserialization RCE
www.zerodayinitiative.com · 2024-11-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code E…

Read more
Allegra loadFieldMatch Deserialization RCE (CVE-2023-51642)
www.zerodayinitiative.com · 2024-11-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Exe…

Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.