
Security Intel Hub 407— Search: deserialization

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Jenkins Plugin Security Advisory: RCE, SSRF, AFR, Path Traversal via CVEs
www.jenkins.io · 2026-05-28

### Jenkins Security Advisory 2026-05-27 #### Vulnerability Summary 1. **RCE via Unvalidated LDAP Redirect in LDAP Plugin** - **CVE**: CVE-2026-48916 (SSRF), CVE-2026-48917 (Deserialization) - **Sever…

Jenkins Plugin Security Bulletin: RCE, SSRF, LFI via LDAP/AD/Credentials
www.jenkins.io · 2026-05-28

### Jenkins Security Advisory 2026-05-27 #### Vulnerability Overview This advisory announces vulnerabilities in the following Jenkins components: - Active Directory Plugin - AppSpider Plugin - Bitbuck…

Jenkins Security Advisory: RCE and Path Traversal in Multiple Plugins (CVE-2026-48916-48925)
www.jenkins.io · 2026-05-28

### Jenkins Security Advisory 2026-05-27 #### Vulnerability Overview This advisory announces vulnerabilities in the following Jenkins components: 1. **Remote Code Execution (RCE) Vulnerability in LDAP…

Jenkins Plugin Advisory: LDAP Redirection Leads to RCE via Deserialization
www.jenkins.io · 2026-05-28

### Jenkins Security Advisory 2026-05-27 #### Vulnerability Overview This advisory announces vulnerabilities in the following Jenkins artifacts: - Active Directory Plugin - AppSpider Plugin - Bitbucke…

Jenkins Security Bulletin: Multiple Plugin Vulnerabilities including RCE, AFR, CSRF
www.jenkins.io · 2026-05-28

### Jenkins Security Advisory 2026-05-27 Vulnerability Summary #### Vulnerability Overview 1. **RCE vulnerability due to unvalidated LDAP redirection in the LDAP Plugin** - **CVE**: CVE-2026-48916 (SS…

Ghidra < 12.1 - Remote Code Execution via Unfiltered RMI Deserialization in Shared Project Connection
www.vulncheck.com · 2026-06-13

### Vulnerability Overview A vulnerability exists in Ghidra versions prior to 12.1 involving unfiltered RMI deserialization. Attackers can exploit this by crafting a malicious shared project connectio…

Apache Storm 2.x RCE (CVE-2026-35337) and Stored XSS (CVE-2026-35565) Advisory
storm.apache.org · 2026-04-18

### Vulnerability Overview #### CVE-2026-35337 - Untrusted Data Deserialization Vulnerability - **Description**: When processing topology credentials submitted via the Nimbus Thrift API, Storm deseria…

CVE-2026-31223 | Notion
www.notion.so · 2026-05-22

# CVE-2026-31223 Vulnerability Summary ## Vulnerability Overview - **Vulnerability ID**: CVE-2026-31223 - **Vulnerability Type**: Unsafe Deserialization (CWE-502) - **Affected Component**: `BaseLabele…

CVE Record: CVE-2026-24142
www.cve.org · 2026-05-22

# CVE-2026-24142 Vulnerability Summary ## Vulnerability Overview * **Vulnerability ID**: CVE-2026-24142 * **Vulnerability Type**: Deserialization Vulnerability * **Severity**: Medium (CVSS Score: 6.3)…

Jenkins Security Bulletin: Deserialization, XSS, Auth Bypass (CVE-2026-53435) Patch Guide
www.jenkins.io · 2026-06-13

### Jenkins Security Advisory 2026-06-10 #### Vulnerability Overview 1. **Deserialization Vulnerability** - **CVE**: CVE-2026-53435 - **Severity**: High - **Description**: Jenkins uses serialization a…

CVE-2026-40993: Unfiltered Java Native Deserialization of SAML 2.0 Asserting Party Credentials BLOB Database Entry
spring.io · 2026-06-13

# CVE-2026-40993: Unsanitized Java Native Deserialization SAML 2.0 Asserting Party Credentials Blob Database Entries ## Vulnerability Overview An attacker can store a malicious serialized payload in t…

Jenkins Security Advisory 2026-06-10
www.jenkins.io · 2026-06-10

### Jenkins Security Advisory 2026-06-10 #### Vulnerability Overview 1. **Deserialization Vulnerability** - **CVE**: CVE-2026-53435 - **Severity**: High - **Description**: Jenkins uses serialization a…

Keras TFSMLayer Bypasses safe_mode Leading to RCE (CVE-2026-1462)
huntr.com · 2026-04-18

# TFSMLayer Bypass `safe_mode=True` Vulnerability Summary ## Vulnerability Overview **CVE-2026-1462** **Severity**: High (8.8) **Affected Component**: `keras-team/keras` (TFSMLayer class) **Core Issue…

CVSS 5.3
Blockchain Node DoS Fix: Malicious HistoricTransaction Triggers Panic in History Sync
github.com · 2026-04-23

# Vulnerability Summary ## Overview - **Vulnerability Name**: Fix panic triggered by sync node during historical synchronization. - **Description**: A malicious sync node can cause the sync node to cr…

www.wordfence.com · 2026-05-05

# Vulnerability Overview **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46697) **Vulnerability Description**: Apache ActiveMQ is an open-source message broker an…

Ray Multiple Components Vulnerability Fix Advisory (RCE/Serialization)
github.com · 2026-05-09

### Vulnerability Summary #### Overview - **Vulnerability Name**: Vulnerabilities Fixed in Multiple Components - **Affected Components**: Ray Data, Ray Serve, Ray Train, Ray Tune, Ray LLM, Ray RLlib, …

9.5.1 Release Notes :: Concrete CMS
documentation.concretecms.org · 2026-05-22

# Concrete CMS 9.5.1 Security Vulnerability Summary ## Vulnerability Overview Concrete CMS version 9.5.1 addresses multiple critical security vulnerabilities, including: - **Remote Code Execution (RCE…

CVSS 5.3
Contao Controller.php Variable Reference Fix
github.com · 2025-08-30

From this webpage screenshot, the following key vulnerability-related information can be extracted: - **Submission Details**: - Submission ID: a03976c - Submitter: fritzmg - Submission Time: Yesterday…

RHSA-2018:0294: Red Hat JBoss Data Grid 7.1.2 Security Update (CVE-2017-7525/15089/9970)
access.redhat.com · 2025-11-10

## Critical Vulnerability Information **Overview** - **Advisory ID:** RHSA-2018:0294 - **Release Date:** 2018-02-12 - **Update Date:** 2018-02-12 **Type/Severity** - **Severity:** Important **Subject*…

CVSS 8.6
Arbitrary Code Execution in pdfminer.six via Crafted PDF (CVE-2025-64512)
github.com · 2025-11-11

### Key Information - **Vulnerability Name**: Arbitrary Code Execution in pdfminer.six via Crafted PDF Input - **Severity**: High (8.6 / 10) - **CVE ID**: CVE-2025-64512 #### **Main Issues** - **Affec…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
