Security Intel Hub 302 — Search: deserialization

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Hugging Face Transformers CVE-2025-14930 Deserialization RCE Advisory
www.zerodayinitiative.com · 2025-12-29

### Critical Vulnerability Information #### Vulnerability Overview - **Title**: (0Day) Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability - **ID**: - …

IBM WebSphere EDataGraphImpl Deserialization Info Disclosure (CVE-2021-20353)
www.zerodayinitiative.com · 2025-11-20

## IBM WebSphere EDataGraphImpl Deserialization of Untrusted Data Information Disclosure Vulnerability - **Vulnerability IDs:** ZDI-21-174, ZDI-CAN-12478 - **CVE ID:** CVE-2021-20353 - **CVSS Score:**…

vLLM prompt_embs Deserialization DoS and Potential RCE (CVE-2025-62164)
github.com · 2025-11-21

### Key Information Summary #### Vulnerability Overview - **Vulnerability Name**: VLLM prompt_embs deserialize allows DoS and potential RCE - **CVE ID**: [CVE-2025-62164](#) #### Affected Versions - *…

PyDrive2 CVE-2023-49297 Insecure YAML Deserialization Vulnerability Analysis
github.com · 2025-11-19

### Key Information Summary - **Vulnerability Type**: Unsafe YAML Deserialization - **Impact Scope**: Arbitrary code execution occurs when a maliciously crafted YAML file exists in the same directory …

HP Storage Essentials CVE-2017-10992 Java Deserialization RCE Advisory
labs.integrity.pt · 2025-11-19

## Critical Vulnerability Information ### 1. Vulnerability Attributes - **Title**: HP Storage Essentials Remote Code Execution via Java deserialization - **CVE ID**: CVE-2017-10992 - **CVSSv3 Base Sco…

Jenkins Security Advisory: Multiple High-Severity Vulnerabilities (XSS, Deserialization, Path Traversal)
www.jenkins.io · 2025-11-19

### Jenkins Security Advisory 2021-01-13 #### Vulnerabilities Announced - **Jenkins (core)** - **Bumblebee HP ALM Plugin** - **TICS Plugin** - **tracetronic ecu.test Plugin** #### Descriptions 1. **XS…

Jenkins Security Advisory 2021-01-13: Multiple High-Severity Vulnerabilities (XSS, File Read, Deserialization)
www.jenkins.io · 2025-11-20

## Jenkins Security Advisory 2021-01-13 ### Key Information about Vulnerabilities #### XSS Vulnerability in Notification Bar - **CVE:** CVE-2021-21603 - **Severity:** High - **Description:** Attackers…

XStream CVE-2021-39149 Deserialization RCE Vulnerability with PoC
x-stream.github.io · 2025-11-20

### Key Information #### Vulnerability ID CVE-2021-39149 #### Vulnerability Type Arbitrary Code Execution Vulnerability #### Affected Versions XStream 1.4.17 and earlier versions #### Description Duri…

MISP 2.4.157 PHAR Deserialization RCE Vulnerability (CVE-2022-29528) Advisory
zigrin.com · 2025-11-19

### Key Information - **Date**: 2022-04-20 - **Affected Vendor**: - CIRCL – Computer Incident Response Center Luxembourg - **Affected Product**: - MISP – Open Source Threat Intelligence Platform & Ope…

Zammad Insecure Deserialization RCE Advisory (CVE-2021-42090)
zammad.com · 2025-11-19

## Security Advisory Details - **ID:** ZAA-2021-14 - **Date:** 10/05/2021 - **Title:** Remote code execution due to insecure deserialization - **Severity:** medium - **Product:** Zammad 1.0.x up to 4.…

ZMQ Pickle Deserialization RCE in Meta/NVIDIA/vLLM (CVE-2024-50050, CVE-2025-30165)
www.oligo.security · 2025-11-19

From this web page screenshot, the following key information about the vulnerability can be extracted: 1. **Vulnerability Overview** - ShadowMQ: A critical vulnerability spreading through code reuse. …

CVE-2021-21247: Post-Auth Unsafe Deserialization in BasePage AJAX
github.com · 2025-11-20

**Vulnerability Information:** - **Description**: Post-Auth Unsafe Deserialization on BasePage (AJAX) - **Severity**: Critical (CVE-2021-21247) - **Affected Versions**: <4.0.2 - **Patched Version**: 4…

GLPI 0.83.9 Unserialization Vulnerability (CWE-502) Analysis
seclists.org · 2025-11-14

### Critical Vulnerability Information - **Advisory Title**: unserialize vulnerability in GLPI - **Product**: GLPI 0.83.9 - **Discovered by**: Xavier Mehrenberger @Cassidian CyberSecurity - **Vulnerab…

Apache Batik/FOP/XMLGraphics Commons SSRF/XXE/Deserialization Vulnerability Advisory
xmlgraphics.apache.org · 2025-11-14

- **Apache™ Batik Project Security:** - CVE-2022-44729 / SSRF vulnerability / Fixed in Batik 1.17 - CVE-2022-44730 / SSRF vulnerability / Fixed in Batik 1.17 - CVE-2022-42890 / SSRF vulnerability / Fi…

Node.js Security Audit: X-Forwarded Spoofing, Directory Traversal, CSRF, and Insecure Deserialization Analysis
github.com · 2025-11-14

### Critical Vulnerability Information 1. **X-Forwarded-Headers Handling** - The code processes `X-Forwarded-*` headers but does not verify their authenticity. This may enable Header Manipulation atta…

CVE-2023-46801: Apache Linkis DataSource Deserialization RCE
lists.apache.org · 2025-11-14

**CVE-2023-46801: Apache Linkis DataSource: Remote code execution vulnerability in Apache Linkis 1.4.0** **Severity:** Moderate **Affected Versions:** - Apache Linkis DataSource 1.4.0 before 1.6.0 **D…

Apache OFBiz CVE-2019-0189 Deserialization Vulnerability Fix Analysis
lists.apache.org · 2025-11-14

## Critical Vulnerability Information - **CVE ID**: CVE-2019-0189 - **Fix Content**: Improved the ObjectInputStream class ### Report and Fix Details - **Reporter**: Dikpal Kanungo - **Fixer**: Jacques…

Rockwell ISaGRAF Workbench Deserialization & Path Traversal Vulnerabilities (CVE-2022-2463/2464/2465)
www.cisa.gov · 2025-11-14

### Critical Vulnerability Information #### 1. Executive Summary - **CVSS v3**: 8.6 - **Concern**: Low attack complexity - **Vendor**: Rockwell Automation - **Product**: ISaGRAF Workbench - **Vulnerab…

Splunk Enterprise Windows Path Injection Leading to Unsafe Deserialization (CVE-2024-23678)
advisory.splunk.com · 2025-11-14

### Critical Vulnerability Information - **Advisory ID**: SVD-2024-0108 - **CVE ID**: CVE-2024-23678 - **Published**: 2024-01-22 - **Last Update**: 2024-01-30 - **CVSSv3.1 Score**: 7.5, High - **CWE**…

Apache NiFi Security Advisory: CVE-2020-27218 (HTTP Request Smuggling) and CVE-2021-20190 (Deserialization)
lists.apache.org · 2025-11-13

## Critical Vulnerability Information ### CVE-2020-27218 - **Affected Versions**: Apache NiFi 1.2.0 - 1.12.1 - **Description**: The Jetty server dependency contains an HTTP Request Smuggling vulnerabi…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
