Security Intel Hub 344 — Search: deserialization

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Ray CVE-2024-2056 RCE via Parquet Cloudpickle Deserialization
github.com · 2026-05-09

### Vulnerability Overview A critical security vulnerability (CVE-2024-2056) has been identified in the Ray project, allowing attackers to execute arbitrary code through crafted Parquet files. This vu…

RCE in langgraph-checkpoint JsonPlusSerializer via Unsafe Deserialization
github.com · 2025-11-09

## Vulnerability Overview ### Vulnerability Name RCE in "json" mode of JsonPlusSerializer ### Affected Versions langgraph-checkpoint 3.0 ### Vulnerability Description Prior to version 3.0, JsonPlusSer…

CVSS 8.2
CVE-2024-4843 LangChain Unsafe Deserialization Vulnerability Advisory
github.com · 2026-05-27

### Vulnerability Overview **Vulnerability Name**: Unsafe deserialization of attacker-controlled LangChain objects through overly broad `load()` allowlist **CVE ID**: CVE-2024-4843 **CVSS v3 base metr…

bitsery/CHANGELOG.md at master · fraillt/bitsery · GitHub
github.com · 2026-05-26

### Vulnerability Overview In version 5.2.5 (2025-10-09), a security vulnerability was identified. This vulnerability involves a security issue during the deserialization process, specifically: a craf…

RCE via Unsafe Deserialization in jsonpickle.loads
huntr.com · 2025-07-12

## Critical Vulnerability Information ### Vulnerability Description - **Type**: Unsafe Deserialization (`jsonpickle.loads`) - **Impact**: Remote Code Execution (RCE) - **Cause**: The `jsonpickle.loads…

CVE-2022-2265 Replicant Insecure Deserialization RCE
morielharush.github.io · 2026-04-02

# Replicant: When Deserialization Starts Writing Your Scripts ## Vulnerability Overview **Replicant** is an npm package for advanced JavaScript serialization and deserialization. This vulnerability (C…

CVSS 6.5
Apache ActiveMQ CVE-2023-46604 RCE Vulnerability Analysis and Mitigation
www.wordfence.com · 2026-05-08

# Vulnerability Summary ## Overview * **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) * **Vulnerability Type**: Remote Code Execution (RCE) * **Cause**: Th…

Red Hat JBoss EAP 6.4.20 Security Update (RHSA-2018:1450)
access.redhat.com · 2025-11-11

### Vulnerability Key Information - **Announcement ID**: RHSA-2018:1450 - **Release Date**: 2018-05-14 - **Update Date**: 2018-05-14 - **Type/Severity**: Important - **Subject**: Red Hat JBoss Enterpr…

Apache ActiveMQ CVE-2023-46604 RCE Vulnerability Summary
go.dev · 2026-05-22

# Vulnerability Summary ## Vulnerability Overview **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) **Vulnerability Description**: Apache ActiveMQ is a popul…

CVSS 7.5
openITCOCKPIT v5.3.1 Unsafe PHP Deserialization Vulnerability Analysis
github.com · 2026-02-21

# Critical Vulnerability Summary ## Affected Products and Versions - **Product**: openITCOCKPIT Community Edition - **Version**: v5.3.1 ## Vulnerability Category - Insecure Deserialization - PHP Objec…

CVSS 7.3
Bitser v5.2.4 Unsafe Deserialization Vulnerability Analysis with POC
gist.github.com · 2026-05-26

### Vulnerability Overview An insecure deserialization vulnerability has been discovered in Bitser v5.2.4 and earlier versions. This vulnerability allows type confusion, which can lead to address leak…

www.wordfence.com · 2026-05-05

# Vulnerability Summary ## Vulnerability Overview **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) **Description**: Apache ActiveMQ is an open-source messag…

CVSS 3.7
NutzBoot LiteRPC Unauthenticated Java Deserialization RCE
github.com · 2025-12-04

### Key Information Extraction #### Affected Products - NutzBoot (LiteRPC + Loach modules) #### Version Information - **Affected Versions**: 2.6.0-SNAPSHOT (current dev branch, check specific commits …

CVSS 8.1
Zumba JsonSerializer Unsafe Deserialization Fix
github.com · 2026-02-21

# Critical Vulnerability Information ## Vulnerability Description In the `Zumba\JsonSerializer` library, there is an **insecure deserialization vulnerability** that could lead to Remote Code Execution…

CVSS 3.7
Roundcube Webmail: Fix Arbitrary File Write via Unsafe Deserialization in Redis/Memcache Session Handler
github.com · 2026-04-03

### Vulnerability Overview Roundcube Webmail has fixed a critical security vulnerability. The issue resides in the `redis/memcache session handler`, where **unsafe deserialization** allows remote atta…

CVSS 7.3
FedML-AI <=0.8.9 gRPC Insecure Deserialization RCE
vuldb.com · 2026-04-05

## Vulnerability Key Information ### Vulnerability Overview | Item | Content | |:---|:---| | **Vulnerability ID** | Submit #782201 / VulnDB 355289 | | **Vulnerability Title** | FedML-AI FedML **Note**…

HPX v1.11.0 Unsafe Deserialization Type Confusion Leading to RCE
gist.github.com · 2026-04-29

# Vulnerability Summary: HPX v1.11.0 Deserialization Type Confusion ## Vulnerability Overview An unsafe deserialization vulnerability was discovered in HPX v1.11.0 and earlier versions. Due to insuffi…

CVE-2026-31234 | Notion
www.notion.so · 2026-05-22

# CVE-2026-31234 ## Vulnerability Overview CVE-2026-31234 is an unauthenticated pickle deserialization vulnerability located in the KVStore component of Horovod. Attackers can achieve Remote Code Exec…

FREEI-2684 Reduce risk of RCE during restore operation · FreePBX/backup@64781af · GitHub
github.com · 2026-05-22

# FreePBX Backup Module Remote Code Execution Vulnerability (FREEI-2084) ## Vulnerability Overview The backup module in FreePBX is vulnerable to Remote Code Execution (RCE) during restore operations. …

Pyro 3.x Unsafe Pickle Deserialization Leads to Unauthenticated RCE
github.com · 2026-04-18

# Vulnerability Overview Pyro 3.x contains an insecure pickle deserialization vulnerability. An attacker can send a specially crafted serialized payload to a Pyro 3.x server and exploit Python’s `pick…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
