15 articles

#Deserialization

All CosmicBytez Labs articles tagged #Deserialization, across news, security advisories, how-to guides, and projects.

  • Security · May 30, 2026

    CVE-2026-10042: manga-image-translator RCE via Unsafe Python Deserialization

    A critical CVSS 9.8 remote code execution vulnerability in manga-image-translator allows unauthenticated attackers to execute arbitrary commands by...

  • News · May 26, 2026

    Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell

    A hardcoded machineKey value in KnowledgeDeliver's configuration enabled ViewState deserialization attacks leading to remote code execution and web shell.

  • Security · May 22, 2026

    CVE-2026-48207: Apache Fury PyFury Deserialization RCE

    A critical deserialization vulnerability in Apache Fury's Python library PyFury allows attackers to bypass DeserializationPolicy validation hooks via the...

  • Security · May 20, 2026

    CVE-2026-7637: WordPress Boost Plugin PHP Object Injection

    The Boost plugin for WordPress versions up to 2.0.3 is vulnerable to PHP Object Injection via deserialization of the STYXKEY-BOOST_USER_LOCATION cookie,...

  • Security · May 19, 2026

    CVE-2026-7301: SGLang ROUTER Socket Exposes Unsafe

    A critical CVSS 9.8 vulnerability in SGLang's multimodal AI runtime scheduler binds its ROUTER socket to 0.0.0.0 by default and passes incoming messages...

  • Security · May 2, 2026

    CVE-2026-42779: Critical Apache MINA Deserialization Class

    An incomplete fix for CVE-2026-41635 leaves Apache MINA 2.1.x and 2.2.x branches exposed to a critical deserialization bypass via...

  • Security · May 1, 2026

    Apache MINA Incomplete Deserialization Patch Leaves 2.1.X

    Apache MINA versions 2.1.X and 2.2.X remain vulnerable to unauthenticated remote code execution because the fix for CVE-2026-41409 was never backported,...

  • Security · Apr 28, 2026

    CVE-2026-40860: Apache Camel JMS Unsafe ObjectMessage

    Apache Camel's JmsBinding class in camel-jms and camel-sjms deserializes incoming JMS ObjectMessage payloads via javax.jms.ObjectMessage.getObject()...

  • Security · Apr 28, 2026

    CVE-2026-41635: Apache MINA Class Allowlist Bypass Enables

    Apache MINA's AbstractIoBuffer.resolveClass() contains a branch for static classes and primitive types that skips allowlist validation entirely, letting...

  • Security · Apr 24, 2026

    CVE-2026-26210: KTransformers Unsafe Deserialization RCE

    KTransformers through version 0.5.3 contains a critical unsafe deserialization vulnerability in its balance_serve backend mode, where an unauthenticated...

  • News · Apr 18, 2026

    Critical Flaw in protobuf.js Library Enables JavaScript

    A critical remote code execution vulnerability in protobuf.js, the widely used JavaScript implementation of Google's Protocol Buffers, has been disclosed...

  • News · Mar 25, 2026

    PTC Warns of Imminent Threat from Critical Windchill

    PTC is warning customers of an imminent exploit threat against a critical deserialization vulnerability in Windchill and FlexPLM — CVE-2026-4681, CVSS...

  • Security · Mar 19, 2026

    CVE-2026-25449: Critical Object Injection in Shinetheme

    A CVSS 9.8 deserialization vulnerability in the Shinetheme Traveler WordPress plugin allows unauthenticated remote attackers to inject arbitrary PHP...

  • Security · Mar 18, 2026

    CVE-2026-25769: Wazuh Critical RCE via Insecure

    A critical remote code execution vulnerability (CVSS 9.1) in Wazuh versions 4.0.0–4.14.2 allows an attacker with access to a worker node to achieve root...

  • Security · Feb 5, 2026

    SolarWinds Web Help Desk RCE Vulnerability Added to CISA KEV

    Critical deserialization vulnerability in SolarWinds Web Help Desk enables unauthenticated remote code execution. CISA confirms active exploitation.