Security Intel Hub 322— Search: deserialization

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

TCL 10.0 Insufficient Validation of Serialized Session Data Leading to Memory Safety Issues (CVE-2026-34877)
mbed-tls.readthedocs.io · 2026-04-03

**1. Vulnerability Overview:** * **Title:** Risk of insufficient validation of serialized session or context data leading to potential memory safety issues (CVE-2026-34877) * **Description:** This is …

CVSS 3.7
Roundcube Redis/RedisCache Session Handler Unsafe Deserialization Arbitrary File Write Fix
github.com · 2026-04-03

### Vulnerability Summary **Vulnerability Overview** A security vulnerability related to unsafe deserialization has been fixed in the Redis/RedisCache session handler of Roundcube email client. The fl…

CVSS 7.2
Oohu2 Insecure Deserialization RCE Vulnerability and POC
github.com · 2026-04-02

# Oohu2 Remote Code Execution Vulnerability (CVE-2023-XXXX) ## Vulnerability Overview * **Vulnerability Name**: Remote Code Execution via Insecure Deserialization in Oohu2 * **Vulnerability Type**: Re…

www.wordfence.com · 2026-05-03

# Vulnerability Summary ## Overview **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) **Vulnerability Type**: Remote Code Execution (RCE) **Description**: Th…

CVSS 4.5
NASA cFS Ground System Deserialization RCE via Pickle
vuldb.com · 2026-04-04

# NASA cFS 7.0.0 Code Execution Vulnerability Summary ### Vulnerability Overview * **Vulnerability Type**: Deserialization Vulnerability / Arbitrary Code Execution * **Affected Component**: NASA cFS G…

CVSS 7.2
Easy Digital Downloads <=3.3.3 Authenticated PHAR Deserialization (CVE-2022-2439)
www.wordfence.com · 2024-09-25

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Plugin Name**: Easy Digital Downloads - Simple eCommerce for Selling Digital Files <= 3.3.3 - Authentica…

Modular Max: Fix RCE risk by removing default Pickle serialization in Zmq Sockets
github.com · 2025-11-19

### Key Information Summary #### Vulnerability Description This commit `ee9c4ab` primarily addresses serialization issues in Zmq Sockets, covering the following aspects: 1. **Removal of Default Pickle…

GPT-SoVITS Multiple Deserialization RCE Vulnerabilities (CVE-2025-49837 to 49841)
securitylab.github.com · 2025-07-17

### Critical Vulnerability Information #### Vulnerability IDs - GHSL-2025-049 - GHSL-2025-053 #### Vulnerability Type - Remote Code Execution (RCE) #### Affected Component - GPT-SoVITS #### Related CV…

systemd CVE-2018-15686: Serialization/Deserialization Vulnerability Fix Analysis
github.com · 2025-11-11

## Vulnerability Key Information - **CVE ID**: CVE-2018-15686 - **Vulnerability Description**: - This Pull Request (PR) introduced an alert indicating a comparison result is always the same, affecting…

MixPHP 2.x Deserialization RCE and SQL Injection (CVE-2026-37552, CVE-2026-42471 through 42475) · GitHub
gist.github.com · 2026-05-02

# MixPHP Framework Deserialization RCE and SQL Injection Vulnerability Summary ## Vulnerability Overview The MixPHP framework contains multiple critical security vulnerabilities, including Remote Code…

CVSS 7.2
Fix: Remote Code Execution via Jinacore Deserialization in OkAuth
github.com · 2026-04-02

### Vulnerability Summary **Vulnerability Overview** * **Vulnerability Type**: Remote Code Execution (RCE) * **Root Cause**: Deserialization vulnerability in the `Jinacore` component within `OkAuth`. …

CVSS 3.1
Roundcube Fix Unsafe Deserialization Arbitrary File Write and INP Injection
github.com · 2026-04-03

### Vulnerability Overview This update addresses two critical security vulnerabilities: 1. **INP Injection and CRLF Bypass**: A vulnerability exists in the mail search functionality, allowing INP inje…

CVSS 3.7
Roundcube: Fix Arbitrary File Write via Unsafe Deserialization in redis/newcache Session Handler
github.com · 2026-04-03

### Vulnerability Overview This screenshot presents a security fix commit (Commit 44e4d99) in the Roundcube email client. It addresses an **arbitrary file write vulnerability** caused by **unsafe dese…

CVE-502: RCE via Unsafe Pickle Deserialization in Async Inference Pipeline
github.com · 2026-04-24

# Vulnerability Summary ## Overview - **Vulnerability ID**: CVE-502 (Deserialization of Untrusted Data) - **Description**: In the asynchronous inference pipeline, there exist unsafe calls to `pickle.l…

ZI-SA-2026-002: Arbitrary Code Execution via Unsafe Deserialization in LabOne Q | Zurich Instruments
www.zhinst.com · 2026-05-01

# Summary of Deserialization Vulnerability in Zurich Instruments LabOne Q ## Vulnerability Overview * **Vulnerability ID**: ZI-SA-2026-002 * **Vulnerability Type**: Unsafe Deserialization * **CVSS Sco…

Ray CVE-2024-2056 RCE via Parquet Cloudpickle Deserialization
github.com · 2026-05-09

### Vulnerability Overview A critical security vulnerability (CVE-2024-2056) has been identified in the Ray project, allowing attackers to execute arbitrary code through crafted Parquet files. This vu…

RCE in langgraph-checkpoint JsonPlusSerializer via Unsafe Deserialization
github.com · 2025-11-09

## Vulnerability Overview ### Vulnerability Name RCE in "json" mode of JsonPlusSerializer ### Affected Versions langgraph-checkpoint 3.0 ### Vulnerability Description Prior to version 3.0, JsonPlusSer…

RCE via Unsafe Deserialization in jsonpickle.loads
huntr.com · 2025-07-12

## Critical Vulnerability Information ### Vulnerability Description - **Type**: Unsafe Deserialization (`jsonpickle.loads`) - **Impact**: Remote Code Execution (RCE) - **Cause**: The `jsonpickle.loads…

CVE-2022-2265 Replicant Insecure Deserialization RCE
morielharush.github.io · 2026-04-02

# Replicant: When Deserialization Starts Writing Your Scripts ## Vulnerability Overview **Replicant** is an npm package for advanced JavaScript serialization and deserialization. This vulnerability (C…

CVSS 6.5
Apache ActiveMQ CVE-2023-46604 RCE Vulnerability Analysis and Mitigation
www.wordfence.com · 2026-05-08

# Vulnerability Summary ## Overview * **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) * **Vulnerability Type**: Remote Code Execution (RCE) * **Cause**: Th…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
