Security Intel Hub 372— Search: deserialization

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

HP Storage Essentials CVE-2017-10992 Java Deserialization RCE Advisory
labs.integrity.pt · 2025-11-19

## Critical Vulnerability Information ### 1. Vulnerability Attributes - **Title**: HP Storage Essentials Remote Code Execution via Java deserialization - **CVE ID**: CVE-2017-10992 - **CVSSv3 Base Sco…

Jenkins Security Advisory: Multiple High-Severity Vulnerabilities (XSS, Deserialization, Path Traversal)
www.jenkins.io · 2025-11-19

### Jenkins Security Advisory 2021-01-13 #### Vulnerabilities Announced - **Jenkins (core)** - **Bumblebee HP ALM Plugin** - **TICS Plugin** - **tracetronic ecu.test Plugin** #### Descriptions 1. **XS…

Jenkins Security Advisory 2021-01-13: Multiple High-Severity Vulnerabilities (XSS, File Read, Deserialization)
www.jenkins.io · 2025-11-20

## Jenkins Security Advisory 2021-01-13 ### Key Information about Vulnerabilities #### XSS Vulnerability in Notification Bar - **CVE:** CVE-2021-21603 - **Severity:** High - **Description:** Attackers…

CVSS 8.5
XStream CVE-2021-39149 Deserialization RCE Vulnerability with PoC
x-stream.github.io · 2025-11-20

### Key Information #### Vulnerability ID CVE-2021-39149 #### Vulnerability Type Arbitrary Code Execution Vulnerability #### Affected Versions XStream 1.4.17 and earlier versions #### Description Duri…

CVSS 9.6
CVE-2021-21247: Post-Auth Unsafe Deserialization in BasePage AJAX
github.com · 2025-11-20

**Vulnerability Information:** - **Description**: Post-Auth Unsafe Deserialization on BasePage (AJAX) - **Severity**: Critical (CVE-2021-21247) - **Affected Versions**: <4.0.2 - **Patched Version**: 4…

IBM WebSphere EDataGraphImpl Deserialization Info Disclosure (CVE-2021-20353)
www.zerodayinitiative.com · 2025-11-20

## IBM WebSphere EDataGraphImpl Deserialization of Untrusted Data Information Disclosure Vulnerability - **Vulnerability IDs:** ZDI-21-174, ZDI-CAN-12478 - **CVE ID:** CVE-2021-20353 - **CVSS Score:**…

CVSS 8.8
vLLM prompt_embs Deserialization DoS and Potential RCE (CVE-2025-62164)
github.com · 2025-11-21

### Key Information Summary #### Vulnerability Overview - **Vulnerability Name**: VLLM prompt_embs deserialize allows DoS and potential RCE - **CVE ID**: CVE-2025-62164 #### Affected Versions - *…

CVSS 3.7
NutzBoot LiteRPC Unauthenticated Java Deserialization RCE
vuldb.com · 2025-12-04

## Vulnerability Key Information ### Title Nutz Framework NutzBoot 2.6.0-SNAPSHOT Code Execution (Unauthenticated Java Deserialization) ### Description - An exposed LiteRPC HTTP endpoint allows …

UNA CMS Deserialization Vulnerability (CVE-2025-32101) Advisory and Fix
karmainsecurity.com · 2025-12-05

- **Vulnerability Information** - **Affected Software and Versions**: - UNA CMS <= 14.0.0-RC4 - Specific affected version range: All versions from 9.0.0-RC1 to 14.0.0-RC4 - **Vulnerability Description…

CVSS 7.2
CVE-2025-1913 WordPress Plugin PHP Deserialization Vulnerability PoC
github.com · 2025-12-06

### Key Information about the Vulnerability from the Screenshot - **CVE Identifier:** CVE-2025-1913 - **PoC Purpose:** Educational-only, demonstrating unsafe handling of serialized PHP data in WordPre…

CSLA .NET NetDataContractSerializer Deserialization RCE (CVE-2025-66631)
github.com · 2025-12-10

### Critical Vulnerability Information #### Title - **Remote Code Execution via WcfProxy (NetDataContractSerializer)** #### Severity - **High** #### Impact - **Affected Versions:** = 6 #### Descriptio…

Tencent FaceDetection-DSFD Deserialization RCE Vulnerability (CVE-2025-13715)
www.zerodayinitiative.com · 2025-12-29

### Vulnerability Key Information - **Title**: - Tencent FaceDetection-DSFD resnet Deserialization of Untrusted Data Remote Code Execution Vulnerability - **ID**: - ZDI-25-1183 - ZDI-CAN-27197 - **CVE…

Hugging Face Transformers CVE-2025-14930 Deserialization RCE Advisory
www.zerodayinitiative.com · 2025-12-29

### Critical Vulnerability Information #### Vulnerability Overview - **Title**: (0Day) Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability - **ID**: - …

Hugging Face Accelerate Deserialization RCE (CVE-2025-14925)
www.zerodayinitiative.com · 2025-12-29

### Key Vulnerability Information - **Title**: (0Day) Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution Vulnerability - **Identifier**: - ZDI-25-1140 - ZDI-CAN-27985 - CV…

Tencent NeuralNLP-NeuralClassifier Untrusted Data Deserialization RCE (CVE-2025-13708)
www.zerodayinitiative.com · 2025-12-29

Key vulnerability information extracted from the web screenshot: - **Vulnerability Title**: - Tencent NeuralNLP-NeuralClassifier _load_ checkpoint Deserialization of Untrusted Data Remote Code Executi…

Tencent Hunyuan3D-1 Untrusted Data Deserialization RCE (CVE-2025-13713)
www.zerodayinitiative.com · 2025-12-29

### Critical Vulnerability Information - **CVE ID:** CVE-2025-13713 - **CVSS Score:** 7.8, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H - **Affected Vendor:** Tencent - **Affected Product:** Hunyuan3D-1 - **Vu…

Picklescan <0.0.21 Insecure Deserialization Bypass Leading to RCE (CVE-2025-1716)
www.sonatype.com · 2026-01-03

### Key Information Summary #### Vulnerability ID CVE-2025-1716 #### Vulnerability Description - **Issue**: In versions of `picklescan` prior to 0.0.21, there is an insecure deserialization vulnerabil…

CVSS 4.7
PluXml 5.8.22 Deserialization RCE via Phar Gadget Chain
vuldb.com · 2026-01-03

### Critical Vulnerability Information - **Title**: PluXml 5.8.22 Deserialization Vulnerability - **Description**: - PluXml CMS version 5.8.22 and earlier contains a critical backend deserialization v…

llama-index 0.11.16 Arbitrary Code Execution via Pickle Deserialization
huntr.com · 2026-01-20

--- ### Vulnerability Overview - **Vulnerability Type**: CWE-434: Arbitrary File Upload with Dangerous Type - **Severity**: High (8.8) - **Attack Vector**: Network - **Attack Complexity**: Low - **Req…

CVSS 10.0
Fastjson 1.2.47 Deserialization RCE Vulnerability Reproduction and Exploitation Analysis
github.com · 2026-01-20

### Vulnerability Key Information #### Vulnerability Description - **Vulnerability Type**: Fastjson 1.2.47 Deserialization Remote Code Execution (RCE) - **Affected Versions**: Fastjson 1.2.47 and earl…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.