Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Security Intel Hub 302— Search: 反序列化×

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Clear
Examples: RCE · SSRF · GHSA · log4j
Anritsu ShockLine CHX File Parsing Deserialization RCE (CVE-2025-15348)
www.zerodayinitiative.com · 2026-01-27

### Vulnerability Key Information #### Basic Information - **Date**: December 30th, 2025 - **Title**: (0Day) Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution …

Read more
Laravel Reverb <1.7.0 Insecure Deserialization RCE Vulnerability
github.com · 2026-01-27

### Vulnerability Key Information #### Vulnerability Description - **Vulnerability Type**: Insecure Deserialization (CWE-502) - **Severity**: Critical (9.8) - **Impact**: Affects Laravel Reverb versio…

Read more
Tendenci Helpdesk Insecure Deserialization Vulnerability (CVE-2026-23946) Analysis
github.com · 2026-01-27

### Key Information #### Vulnerability Overview - **Vulnerability Name**: Deserialization vulnerability in Tendenci Helpdesk module - **CVE ID**: CVE-2026-23946 - **GitHub Advisory ID**: GHSA-339m-4qw…

Read more
PLY CVE-2025-56005: Untrusted Data Deserialization RCE
github.com · 2026-01-27

### Critical Vulnerability Information - **Vulnerability Name**: Undocumented Remote Code Execution in PLY - **CVE ID**: CVE-2025-56005 - **Reporter**: Ahmed Abd - **Disclosure Date**: July 1, 2025 - …

Read more
GPT Academic CVE-2026-0762 Deserialization RCE via stream_daas
www.zerodayinitiative.com · 2026-01-27

- **CVE ID**: CVE-2026-0762 - **CVSS Score**: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) - **Affected Vendor**: GPT Academic - **Affected Product**: GPT Academic - **Vulnerability Details**: - This vul…

Read more
Langflow Deserialization RCE Vulnerability (CVE-2026-0772) Advisory
www.zerodayinitiative.com · 2026-01-27

### Critical Vulnerability Information - **CVE ID**: CVE-2026-0772 - **CVSS Score**: 7.5, AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H - **Affected Vendors**: Langflow - **Affected Products**: Langflow - **Vul…

Read more
Apache Karaf Decanter log-socket Deserialization Vulnerability (CVE-2026-24656)
lists.apache.org · 2026-01-27

**CVE-2026-24656: Apache Karaf: Decanter log-socket collector has deserialization vulnerability** - **Severity:** important - **Affected versions:** - Apache Karaf (org.apache.karaf.decanter.collector…

Read more
Fastjson 1.2.47 Deserialization RCE Vulnerability Reproduction and Exploitation Analysis
github.com · 2026-01-20

### Vulnerability Key Information #### Vulnerability Description - **Vulnerability Type**: Fastjson 1.2.47 Deserialization Remote Code Execution (RCE) - **Affected Versions**: Fastjson 1.2.47 and earl…

Read more
Python Pickle Deserialization RCE via ctypes/pydoc Gadget Chain Bypass
github.com · 2026-01-20

From the screenshot, the following key information about the vulnerability can be extracted: ### Summary - **Vulnerability Name**: `ctypes and pydoc gadget chain to bypass detection` - **Publisher**: …

Read more
llama-index 0.11.16 Arbitrary Code Execution via Pickle Deserialization
huntr.com · 2026-01-20

--- ### Vulnerability Overview - **Vulnerability Type**: CWE-434: Arbitrary File Upload with Dangerous Type - **Severity**: High (8.8) - **Attack Vector**: Network - **Attack Complexity**: Low - **Req…

Read more
Picklescan <0.0.21 Insecure Deserialization Bypass Leading to RCE (CVE-2025-1716)
www.sonatype.com · 2026-01-03

### Key Information Summary #### Vulnerability ID CVE-2025-1716 #### Vulnerability Description - **Issue**: In versions of `picklescan` prior to 0.0.21, there is an insecure deserialization vulnerabil…

Read more
PluXml 5.8.22 Deserialization RCE via Phar Gadget Chain
vuldb.com · 2026-01-03

### Critical Vulnerability Information - **Title**: PluXml 5.8.22 Deserialization Vulnerability - **Description**: - PluXml CMS version 5.8.22 and earlier contains a critical backend deserialization v…

Read more
Tencent NeuralNLP-NeuralClassifier Untrusted Data Deserialization RCE (CVE-2025-13708)
www.zerodayinitiative.com · 2025-12-29

Key vulnerability information extracted from the web screenshot: - **Vulnerability Title**: - Tencent NeuralNLP-NeuralClassifier _load_ checkpoint Deserialization of Untrusted Data Remote Code Executi…

Read more
Tencent Hunyuan3D-1 Untrusted Data Deserialization RCE (CVE-2025-13713)
www.zerodayinitiative.com · 2025-12-29

### Critical Vulnerability Information - **CVE ID:** CVE-2025-13713 - **CVSS Score:** 7.8, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H - **Affected Vendor:** Tencent - **Affected Product:** Hunyuan3D-1 - **Vu…

Read more
Hugging Face Accelerate Deserialization RCE (CVE-2025-14925)
www.zerodayinitiative.com · 2025-12-29

### Key Vulnerability Information - **Title**: (0Day) Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution Vulnerability - **Identifier**: - ZDI-25-1140 - ZDI-CAN-27985 - CV…

Read more
NutzBoot LiteRPC Unauthenticated Java Deserialization RCE
vuldb.com · 2025-12-04

```md ## Vulnerability Key Information ### Title Nutz Framework NutzBoot 2.6.0-SNAPSHOT Code Execution (Unauthenticated Java Deserialization) ### Description - An exposed LiteRPC HTTP endpoint allows …

Read more
UNA CMS Deserialization Vulnerability (CVE-2025-32101) Advisory and Fix
karmainsecurity.com · 2025-12-05

- **Vulnerability Information** - **Affected Software and Versions**: - UNA CMS <= 14.0.0-RC4 - Specific affected version range: All versions from 9.0.0-RC1 to 14.0.0-RC4 - **Vulnerability Description…

Read more
CVE-2025-1913 WordPress Plugin PHP Deserialization Vulnerability PoC
github.com · 2025-12-06

### Key Information about the Vulnerability from the Screenshot - **CVE Identifier:** CVE-2025-1913 - **PoC Purpose:** Educational-only, demonstrating unsafe handling of serialized PHP data in WordPre…

Read more
CSLA .NET NetDataContractSerializer Deserialization RCE (CVE-2025-66631)
github.com · 2025-12-10

### Critical Vulnerability Information #### Title - **Remote Code Execution via WcfProxy (NetDataContractSerializer)** #### Severity - **High** #### Impact - **Affected Versions:** = 6 #### Descriptio…

Read more
Tencent FaceDetection-DSFD Deserialization RCE Vulnerability (CVE-2025-13715)
www.zerodayinitiative.com · 2025-12-29

### Vulnerability Key Information - **Title**: - Tencent FaceDetection-DSFD resnet Deserialization of Untrusted Data Remote Code Execution Vulnerability - **ID**: - ZDI-25-1183 - ZDI-CAN-27197 - **CVE…

Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.