Security Intel Hub 340— Search: 反序列化×

Unsafe deserialization in file-backed session manager leads to RCE (CVE-2026-7818) · Issue #9901 · pgadmin-org/pgadmin4

# 漏洞总结：pgAdmin4 文件备份会话管理器中的不安全反序列化导致远程代码执行 (CVE-2026-7818) ## 漏洞概述 在 pgAdmin 4 的 `FileBackedSessionManager` 中存在不安全的反序列化漏洞（CWE-502）。该会话管理器在验证 HMAC 完整性之前，使用 Python 标准对象序列化模块无条件地反序列化会话文件内容。攻击者可以通过向会话目录放置…

「幻核-2」你的终端在"叛变" ANSI 转义序列注入攻击-先知社区

### Vulnerability Overview - **Vulnerability Name**: "Phantom Core-2" Your Terminal is "Rebeling" - ANSI Escape Sequence Injection Attack - **Vulnerability Description**: In 1978, DEC released the VT1…

IBM Cloud Pak for Business Automation Security Bulletin: Multiple CVEs including Container Escape and RCE

### Critical Vulnerability Information #### Vulnerability Overview - **Announcement**: This security announcement addresses multiple security vulnerabilities in IBM Cloud Pak for Business Automation v…

Roundcube Webmail 1.6.14 Security Update: Fixes Arbitrary File Write, IMAP Injection, XSS

# Roundcube Webmail 1.6.14 安全更新总结 ### 漏洞概述 Roundcube Webmail 1.6.14 版本发布，这是一个安全更新，旨在修复近期报告的多个严重安全漏洞。 ### 漏洞详情 本次更新修复了以下具体漏洞： * **任意文件写入**：Redis rememberme 会话处理程序中存在不安全的反序列化漏洞（由 PiyushGPTY 报告）。 * **密码重…

ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE · Advisory ·

# Vulnerability Summary: Deserialization RCE Vulnerability in fabric-sdk-java ## Vulnerability Overview A deserialization Remote Code Execution (RCE) vulnerability exists in the Java client SDK (`fabr…

CVE-2026-31224 | Notion

# CVE-2026-31224 Vulnerability Summary ## Overview - **Vulnerability Name**: CVE-2026-31224 — Unsafe `torch.load` in Snorkel `MultitaskClassifier.load` - **Vulnerability Type**: Insecure Deserializati…

api.php in forms-rb/tags/1.1.9/app – WordPress Plugin Repository

# Vulnerability Summary ## Overview The webpage screenshot displays an API code file (`app/api.php`) from the WordPress plugin "forms-rb". The code contains an **Insecure Deserialization** vulnerabili…

Apache Storm 2.x RCE (CVE-2026-35337) and Stored XSS (CVE-2026-35565) Advisory

### Vulnerability Overview #### CVE-2026-35337 - Untrusted Data Deserialization Vulnerability - **Description**: When processing topology credentials submitted via the Nimbus Thrift API, Storm deseria…

CVE-2026-31223 | Notion

# CVE-2026-31223 Vulnerability Summary ## Vulnerability Overview - **Vulnerability ID**: CVE-2026-31223 - **Vulnerability Type**: Unsafe Deserialization (CWE-502) - **Affected Component**: `BaseLabele…

CVE Record: CVE-2026-24142

# CVE-2026-24142 Vulnerability Summary ## Vulnerability Overview * **Vulnerability ID**: CVE-2026-24142 * **Vulnerability Type**: Deserialization Vulnerability * **Severity**: Medium (CVSS Score: 6.3)…

Keras TFSMLayer Bypasses safe_mode Leading to RCE (CVE-2026-1462)

# TFSMLayer Bypass `safe_mode=True` Vulnerability Summary ## Vulnerability Overview **CVE-2026-1462** **Severity**: High (8.8) **Affected Component**: `keras-team/keras` (TFSMLayer class) **Core Issue…

Blockchain Node DoS Fix: Malicious HistoricTransaction Triggers Panic in History Sync

# Vulnerability Summary ## Overview - **Vulnerability Name**: Fix panic triggered by sync node during historical synchronization. - **Description**: A malicious sync node can cause the sync node to cr…

# Vulnerability Overview **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46697) **Vulnerability Description**: Apache ActiveMQ is an open-source message broker an…

Ray Multiple Components Vulnerability Fix Advisory (RCE/Serialization)

### Vulnerability Summary #### Overview - **Vulnerability Name**: Vulnerabilities Fixed in Multiple Components - **Affected Components**: Ray Data, Ray Serve, Ray Train, Ray Tune, Ray LLM, Ray RLlib, …

9.5.1 Release Notes :: Concrete CMS

# Concrete CMS 9.5.1 安全漏洞总结 ## 漏洞概述 Concrete CMS 9.5.1 版本修复了多个严重的安全漏洞，包括： - **远程代码执行 (RCE)**：通过序列化反序列化、CSRF 令牌验证缺失等途径实现。 - **跨站脚本 (XSS)**：通过 OAuth 集成、日历事件、文件管理等途径实现。 - **信息泄露**：通过日历事件、文件管理、页面元数据等途径实现。…

Contao Controller.php Variable Reference Fix

From this webpage screenshot, the following key vulnerability-related information can be extracted: - **Submission Details**: - Submission ID: a03976c - Submitter: fritzmg - Submission Time: Yesterday…

RHSA-2018:0294: Red Hat JBoss Data Grid 7.1.2 Security Update (CVE-2017-7525/15089/9970)

## Critical Vulnerability Information **Overview** - **Advisory ID:** RHSA-2018:0294 - **Release Date:** 2018-02-12 - **Update Date:** 2018-02-12 **Type/Severity** - **Severity:** Important **Subject*…