Security Intel Hub 352 — Search: deserialization

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 5.0
OpenCart MaxD Lightning Module Deserialization Vulnerability (CVE-2025-0974)
vuldb.com · 2026-04-19

### Vulnerability Overview - **Vulnerability Name**: MaxD Lightning Module 4.43/4.44 on OpenCart li_op/md deserialization - **Vulnerability ID**: CVE-2025-0974 - **Vulnerability Type**: Deserializatio…

CVSS 8.1
OpenMage LTS Phar Deserialization RCE (CVE-2026-25524) Advisory and POC
github.com · 2026-04-21

# Phar Deserialization Leads to Remote Code Execution (RCE) ## Vulnerability Overview OpenMage LTS has a deserialization vulnerability when handling `phar://` stream wrapper paths. An attacker can upl…

CVSS 8.1
v20.17.0 Security Advisory: Phar Deserialization, Path Traversal, Upload Bypass
github.com · 2026-04-21

### Vulnerability Overview In version `v20.17.0`, the following security vulnerabilities exist: 1. **Downgraded composer/composer (#5477)** 2. **Phar Deserialization (#5461)** 3. **Customer File Uploa…

CVSS 7.5
CVE-2026-6857: camel-infinispan Unsafe Deserialization RCE
bugzilla.redhat.com · 2026-04-22

# Vulnerability Summary ## Overview - **CVE ID**: CVE-2026-6857 - **Vulnerability Name**: camel-infinispan: Remote Code Execution via Unsafe Deserialization - **Status**: NEW - **Priority**: high - **…

Apache ActiveMQ OpenWire Deserialization RCE Vulnerability and POC
ntfy.com · 2026-04-24

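# Vulnerability Summary ## Vulnerability Overview This vulnerability concerns a deserialization flaw in the **OpenWire protocol** of **Apache ActiveMQ**. By crafting malicious packets, an attacker can abuse the deserialization mechanism in ActiveMQ's OpenWire protocol to achieve remote code execution (RCE). ## Affected Scope - **Apache ActiveMQ** versions: **5.15.0 and below** ## Remediation - Upgrade to **Apache…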

CVSS 9.8
Pipecast LivekitFrameSerializer Pickle Deserialization RCE (GHSA-c3jg-5cp7-6wc7)
github.com · 2026-04-24

# Vulnerability Summary: Pipecast Remote Code Execution Vulnerability ## Overview * **Vulnerability Name**: Remote Code Execution (RCE) caused by Pickle deserialization via `LivekitFrameSerializer` * …

CVSS 5.3
OpenTelemetry .NET gRPC RetryDelay Deserialization Fix
github.com · 2026-04-24

### Vulnerability Overview The webpage screenshot illustrates an issue related to deserialization of `GrpcStatusDetailsHeader`, specifically the functionality of retrieving `GrpcRetryDelay` from `Grpc…

LeRobot Unsafe Deserialization RCE via gRPC (Pickle)
www.vulncheck.com · 2026-04-24

# LeRobot Insecure Deserialization Remote Code Execution Vulnerability (gRPC) ### Vulnerability Overview An insecure deserialization vulnerability exists in LeRobot’s asynchronous inference pipeline. …

Hugging Face LeRobot Async Inference gRPC Unpickle RCE (#3047)
github.com · 2026-04-24

# Vulnerability Summary: Insecure Pickle Deserialization Vulnerability in Hugging Face /lerobot Asynchronous Inference ## Overview - **Vulnerability ID**: #3047 - **Vulnerability Type**: CWE-502 - Des…

HuggingFace LeRobot Unauthenticated RCE via Pickle Deserialization (CVE-2026-25874)
chocapikk.com · 2026-04-24

# CVE-2026-25874: HuggingFace LeRobot Deserialization Remote Code Execution Vulnerability ## Vulnerability Overview The asynchronous inference module of HuggingFace’s open-source robotics framework Le…

CVSS 9.8
CVE-2026-26210: RCE via Unsafe Pickle Deserialization in gRPC PolicyServer balance_serve Module
github.com · 2026-04-24

### Vulnerability Overview - **Vulnerability Name**: CVE-2026-26210 - **Description**: In the `balance_serve` module of gRPC PolicyServer, due to the use of the insecure `pickle.loads()` method, an at…

CVSS 7.5
Unbounded Memory Allocation in Deserialization · Advisory · ndsev/zserio · GitHub
github.com · 2026-04-25

# Unbounded Memory Allocation in Deserialization (CVE-2026-3524) ## Vulnerability Overview * **Vulnerability Name**: Unbounded Memory Allocation in Deserialization * **CVE ID**: CVE-202…

Clipboard deserialization global-buffer-overflow · Advisory · deskflow/deskflow · GitHub
github.com · 2026-04-25

### Vulnerability Overview - **Vulnerability Name**: Clipboard deserialization global-buffer-overflow - **Vulnerability Type**: Remote memory safety vulnerability, specifically a global buffer overflo…

Apache Camel Mina Unsafe Deserialization RCE (CVE-2026-40473)
camel.apache.org · 2026-04-27

# Apache Camel Security Advisory: CVE-2026-40473 ## Vulnerability Overview - **Severity**: Medium - **Summary**: An insecure deserialization vulnerability exists in the `MinaConverter.toObjectInput()`…

Apache Camel JMS Deserialization RCE Vulnerability (CVE-2026-40860) Advisory
camel.apache.org · 2026-04-27

# Apache Camel Security Advisory: CVE-2026-40860 ## Vulnerability Overview Apache Camel contains an insecure JMS deserialization vulnerability. When the `mapJmsMessage` option is enabled (enabled by d…

Apache Camel CVE-2026-40858 Unsafe Deserialization Vulnerability Advisory
camel.apache.org · 2026-04-27

# Apache Camel Security Advisory: CVE-2026-40858 ## Vulnerability Overview - **Severity**: High - **Summary**: An insecure deserialization vulnerability exists in the Camel-Infinispan component. - **D…

CVSS 5.3
Cista v0.15 Unsafe Deserialization Memory Address Leak
gist.github.com · 2026-04-29

# Vulnerability Summary: Cista v0.15 Deserialization Memory Address Leak ## Vulnerability Overview In Cista v0.15 and earlier versions, there is an insecure deserialization issue. When deserializing u…

CVSS 5.0
Grav CMS Insecure Deserialization in File Cache (CWE-502)
github.com · 2026-04-29

# Vulnerability Summary: Insecure Deserialization in File Cache ## Vulnerability Overview * **Vulnerability Name**: Insecure Deserialization in File Cache * **Severity**: High * **Vulnerability Type**…

Jenkins Security Advisory: Multiple Plugin Vulnerabilities including RCE, XSS, and Deserialization (CVE-2026-42519 to 42
www.jenkins.io · 2026-04-29

# Jenkins Security Advisory 2026-04-29 Vulnerability Summary ## Vulnerability Overview This advisory covers security vulnerabilities in multiple Jenkins plugins, primarily including missing permission…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
