Security Intel Hub 302 - Search: deserialization (反序列化)

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

VINADES Joomla SQL Injection and Deserialization Fix
github.com · 2025-11-08

**Key Information Summary**: - **Commit Summary**: - Title: Security Fixes - Author: VINADES.JSC (authored and hoaquynhtim99 committed) - Commit Date: December 23, 2019 - **Affected Files**: - `detail…

Alibaba Fastjson Deserialization Bypass of autoType Limitation and Mitigation
github.com · 2025-11-08

## Critical Vulnerability Information ### 1. Risk Description Fastjson has adopted a whitelist/blacklist mechanism to defend against deserialization vulnerabilities. However, research has shown that u…

Cacti Unsafe Deserialization Vulnerability (CVE-2019-17358) Advisory
people.canonical.com · 2025-11-07

From the webpage screenshot, the following key information can be extracted: ### Key Information - **Vulnerability Identifier**: - CVE-2019-17358 - **Release Date**: - December 12, 2019 - **Last Updat…

Mahara Skin Import Unserialize Vulnerability (CVE-2017-1000148)
bugs.launchpad.net · 2025-11-07

### Key Information #### Vulnerability Description - **Vulnerability Type**: Unserialize untrusted data when importing skins - **Affected Versions**: 1.10, 15.04, 15.10, master - **Platform**: Any pla…

NetApp jackson-databind Deserialization Vulnerability Advisory (CVE-2020-11619/11620)
security.netapp.com · 2025-11-07

### Vulnerability Key Information - **Advisory ID**: NTAP-20200511-0004 - **Version**: 14.0 - **Last Updated**: 12/02/2020 - **Status**: Final - **CVEs**: CVE-2020-11619, CVE-2020-11620 #### Summary -…

CVE-2015-3253: Apache Groovy/Elasticsearch Deserialization RCE Vulnerability
www.zerodayinitiative.com · 2025-11-07

- **CVE ID**: CVE-2015-3253 - **CVSS Score**: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - **Affected Vendors**: - Apache - Elastic - **Affected Products**: - Groovy - Elasticsearch - **Vulnerability Details**: …

CVE-2018-1904: IBM WebSphere Application Server Deserialization RCE Vulnerability
www-01.ibm.com · 2025-11-07

- **CVE ID**: CVE-2018-1904 - **Description**: IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized obj…

Newforma Project Center .NET Unauthorized Deserialization (CVE-2025-35050)
www.cve.org · 2025-10-10

### Critical Vulnerability Information - **CVE ID**: CVE-2025-35050 - **Release Date**: 2025-10-09 - **Update Date**: 2025-10-09 - **Title**: Newforma Info Exchange (NIX) .NET Unauthorized Deserializa…

Kafka-UI v0.7.2 Unsafe Deserialization RCE via Malicious Serde Config
github.com · 2025-10-15

### Critical Vulnerability Information #### Vulnerability Description - **Type**: Unsafe deserialization via malicious Serde configuration (leading to RCE/DoS) - **Location**: Dashboard → "Configure N…

pmTicket Project-Management-Software Insecure Deserialization Authentication Bypass via Cookie
vuldb.com · 2025-09-29

### Critical Vulnerability Information - **Submission ID**: #657302 - **Title**: pmTicket Project-Management-Software (https://github.com/issue-tracking-system/Project-Management-Software) up to commi…

Authentication Bypass via Insecure Deserialization in loadLanguage
drive.google.com · 2025-09-29

### Key Information #### Vulnerability Type - **Authentication Bypass via Insecure Deserialization (Critical)** #### Vulnerability Description - In the `loadLanguage` function of the `class.main.php` …

CVE-2022-31050: Greenshot Insecure .NET Deserialization via WM_COPYDATA
github.com · 2025-09-18

### Key Information #### Vulnerability Overview - **Vulnerability Name**: Insecure .NET deserialization via WM_COPYDATA enables local code execution - **Affected Versions**: <= 1.3.300 - **Fixed Versi…

CVE-2025-59340: Jinjava JavaType-Based Deserialization Sandbox Bypass
github.com · 2025-09-19

### Key Information #### Vulnerability Overview - **Vulnerability Name**: Sandbox Bypass via JavaType-Based Deserialization - **Severity**: Critical (CVSS v3.1: 9.8/10) - **CVE ID**: CVE-2025-59340 - …

Datart Directory Traversal and SnakeYAML Deserialization RCE (CVE-2025-56815/56816)
github.com · 2025-09-26

### Critical Vulnerability Information #### CVE-2025-56815 - **Vulnerability Type**: Directory Traversal - **Affected Versions**: Datart 1.0.0-rc.3 - **Vulnerability Description**: In the POST /viz/im…

Pickle Deserialization RCE in Robot Bridge Reasoning Server with PoC
github.com · 2025-09-26

### Key Information #### Vulnerability Type - **Remote Code Execution (RCE) Vulnerability** #### Affected Code - `experiments.robot.bridge.reasoning_server::run_reasoning_server` #### Vulnerability De…

Beckhoff TwinCAT 3 Engineering Deserialization Vulnerability (CVE-2025-41701)
certvde.com · 2025-09-10

## Critical Vulnerability Information ### Vulnerability ID - VDE-2025-075 ### Release Date - 2025-09-10 10:00 (CEST) ### Last Updated - 2025-09-10 10:36 (CEST) ### Vendor - Beckhoff Automation GmbH & …

CVE-2025-35451 Deserialization Vulnerability Affecting Multiple Java Application Servers
www.cve.org · 2025-09-07

### Critical Vulnerability Information - **CVE ID**: CVE-2025-35451 - **CVSS Score**: - Base Score: 9.8 (Critical) - Version: CVSS v3.1 - **Affected Software and Versions**: - Vendor: Apache - Product…

MonAI CVE-2025-58757 Unsafe Pickle Deserialization RCE
github.com · 2025-09-10

### Critical Vulnerability Information #### Vulnerability Title - **Unsafe use of Pickle deserialization leads to RCE** #### Severity - **CVSS v3 base metrics**: 8.8 / 10 - **Attack vector**: Network …

Android BaseBundle Parcel Unparcel Error Logic Fix
android.googlesource.com · 2025-09-04

### Critical Vulnerability Information - **Commit ID**: ece83fb425b1e912a036e9985b710910e2e3ca37 - **Author**: Steven Moreland - **Committer**: Android Build Co-signature Worker - **Commit Time**: Dec…

FreeScout Unserialization Vulnerability Leading to RCE
github.com · 2025-09-04

### Key Information #### Vulnerability Overview - **Vulnerability Type**: Remote Code Execution (RCE) due to deserialization of untrusted data - **CVE ID**: CWE-502: Deserialization of Untrusted Data …

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
