Deserialization Archives • Daily CyberSecurity

Apache MINA Fixes Critical RCE Vulnerabilities Apache MINA flaws critical deserialization bypass Apache MINA Deserialization CVE-2026-42778 RCE Apache MINA RCE CVE-2026-41635

Apache MINA flaws critical deserialization bypass Apache MINA Deserialization CVE-2026-42778 RCE Apache MINA RCE CVE-2026-41635

Apache MINA Fixes Critical RCE Vulnerabilities

Do Son May 4, 2026

The Apache MINA project has issued a high-priority security release to address two critical vulnerabilities that were...

Apache MINA Hit by Twin Critical RCE Flaws Apache MINA flaws critical deserialization bypass Apache MINA Deserialization CVE-2026-42778 RCE Apache MINA RCE CVE-2026-41635

Apache MINA Hit by Twin Critical RCE Flaws

Do Son April 28, 2026

Apache MINA is widely recognized as a foundational network application framework, designed to help users easily develop...

Critical 9.8 CVSS RCE Hijacks Pipecat Voice Agents Pipecat RCE CVE-2025-62373

Critical 9.8 CVSS RCE Hijacks Pipecat Voice Agents

Do Son April 27, 2026

A critical vulnerability has been disclosed in Pipecat, the popular open-source Python framework used to build voice...

Critical Pre-Auth RCE Found in OpenAM Identity Platform OpenAM RCE CVE-2026-33439

Critical Pre-Auth RCE Found in OpenAM Identity Platform

Do Son April 17, 2026

OpenAM, the widely-deployed open-source access management solution, is facing a critical security challenge following the discovery of...

Critical 9.3 CVSS RCE Vulnerability Hit in OpenTelemetry Java Agent OpenTelemetry Java Vulnerability Java RCE Exploit

Critical 9.3 CVSS RCE Vulnerability Hit in OpenTelemetry Java Agent

Do Son March 30, 2026

A critical vulnerability has been uncovered in the OpenTelemetry Instrumentation for Java, a popular tool used by...

Apache Camel Patches Critical Keycloak & LevelDB Flaws Apache Camel K Vulnerability CVE-2026-45760 Build Deputy Apache Camel Security CVE-2026-23552 CVE-2025-27636 CVE-2025-29891 PoC

Apache Camel K Vulnerability CVE-2026-45760 Build Deputy Apache Camel Security CVE-2026-23552 CVE-2025-27636 CVE-2025-29891 PoC

Apache Camel Patches Critical Keycloak & LevelDB Flaws

Do Son February 19, 2026

Maintainers of Apache Camel, the widely adopted open-source framework that empowers you to quickly and easily integrate...

CVE-2026-24656: Deserialization Flaw in Apache Karaf Exposes Systems to DoS

Do Son January 26, 2026

A significant security vulnerability has been identified in Apache Karaf Decanter, a monitoring solution widely used in...

Apache NiFi’s Data Leak: How a High-Severity Deserialization Flaw Puts Your Asana Workflows at Risk Apache NiFi RCE CVE-2026-39816 Apache NiFi Vulnerability CVE-2026-25903 Apache NiFi Deserialization, GetAsanaObject Vulnerability CVE-2024-52067 - CVE-2024-56512 CVE-2025-27017

Apache NiFi RCE CVE-2026-39816 Apache NiFi Vulnerability CVE-2026-25903 Apache NiFi Deserialization, GetAsanaObject Vulnerability CVE-2024-52067 - CVE-2024-56512 CVE-2025-27017

Apache NiFi’s Data Leak: How a High-Severity Deserialization Flaw Puts Your Asana Workflows at Risk

Do Son December 22, 2025

The Apache Software Foundation has issued a security advisory for Apache NiFi, the powerful data processing engine...

NVIDIA Critical AI Patch: Isaac Lab and NeMo Framework Flaws Risk Full Code Execution NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

NVIDIA Critical AI Patch: Isaac Lab and NeMo Framework Flaws Risk Full Code Execution

Do Son December 17, 2025

NVIDIA has rolled out a sweeping security update addressing multiple high-severity vulnerabilities across its AI and simulation...

NVIDIA Merlin Flaws Risk AI Pipeline RCE via Unsafe Deserialization in NVTabular & Transformers4Rec NVIDIA DGX Cloud restructuring, Dwight Diercks engineering shift NVIDIA Isaac Launchable, Hard-coded Credentials NVIDIA Merlin Deserialization, AI Pipeline RCE Triton DoS Flaws, AI Inference Server Security NVIDIA AI programming AI Chips China 800VDC Data Center, AI Power Architecture CVE-2024-0114 NVIDIA Container Toolkit vulnerability Container escape

NVIDIA DGX Cloud restructuring, Dwight Diercks engineering shift NVIDIA Isaac Launchable, Hard-coded Credentials NVIDIA Merlin Deserialization, AI Pipeline RCE Triton DoS Flaws, AI Inference Server Security NVIDIA AI programming AI Chips China 800VDC Data Center, AI Power Architecture CVE-2024-0114 NVIDIA Container Toolkit vulnerability Container escape

NVIDIA Merlin Flaws Risk AI Pipeline RCE via Unsafe Deserialization in NVTabular & Transformers4Rec

Do Son December 15, 2025

NVIDIA has issued an important security update for its Merlin framework, patching high-severity vulnerabilities that could allow...

“React2Shell” Crisis: Critical Vulnerability Triggers Global Cyberattacks by State-Sponsored Groups React2Shell RCE, Flight Protocol Deserialization

React2Shell RCE, Flight Protocol Deserialization

“React2Shell” Crisis: Critical Vulnerability Triggers Global Cyberattacks by State-Sponsored Groups

Do Son December 11, 2025

A critical security flaw in the popular React web framework has ignited a wave of cyberattacks, with...

Maximum Severity Alert: Critical RCE Flaw Hits Next.js (CVE-2025-66478, CVSS 10.0)

Do Son December 4, 2025

Developers using the modern stack of Next.js and React are facing a “red alert” situation today. A...

SAP November 2025 Patch Day Fixes 3 Critical Flaws (CVSS 10) — Including Code Injection and Insecure Key Management CVE-2024-33006 - CVE-2025-0064 SAP Critical Patch, RMI-P4 RCE

CVE-2024-33006 - CVE-2025-0064 SAP Critical Patch, RMI-P4 RCE

SAP November 2025 Patch Day Fixes 3 Critical Flaws (CVSS 10) — Including Code Injection and Insecure Key Management

Do Son November 11, 2025

Today, SAP released its latest batch of Security Patch Day updates, delivering 18 new security notes and...

Critical WSUS Flaw (CVE-2025-59287, CVSS 9.8) Allows Unauthenticated RCE via Unsafe Cookie Deserialization, PoC Available WSUS Deserialization RCE, CVE-2025-59287

WSUS Deserialization RCE, CVE-2025-59287

Critical WSUS Flaw (CVE-2025-59287, CVSS 9.8) Allows Unauthenticated RCE via Unsafe Cookie Deserialization, PoC Available

Do Son October 23, 2025

Security researcher Batuhan Er from HawkTrace has detailed a critical remote code execution (RCE) vulnerability in Microsoft...

Critical Keras 3 RCE Flaw (CVE-2025-49655, CVSS 9.8) Allows Code Execution on Model Load Keras RCE, Insecure Deserialization

Critical Keras 3 RCE Flaw (CVE-2025-49655, CVSS 9.8) Allows Code Execution on Model Load

Do Son October 20, 2025

Researchers at HiddenLayer have disclosed a critical arbitrary code execution vulnerability in the Keras 3 deep learning...

Critical RCE Flaw CVE-2025-54539 in Apache ActiveMQ NMS AMQP Client Allows Server-Side Code Execution ActiveMQ RCE Jolokia Exploit ActiveMQ CVE-2025-27533 ActiveMQ Deserialization RCE, CVE-2025-54539

ActiveMQ RCE Jolokia Exploit ActiveMQ CVE-2025-27533 ActiveMQ Deserialization RCE, CVE-2025-54539

Critical RCE Flaw CVE-2025-54539 in Apache ActiveMQ NMS AMQP Client Allows Server-Side Code Execution

Do Son October 16, 2025

The Apache Software Foundation has issued a new security advisory addressing a critical vulnerability in Apache ActiveMQ’s...

Critical RCE (CVE-2025-10035) in GoAnywhere MFT Used by Medusa Ransomware Group Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Critical RCE (CVE-2025-10035) in GoAnywhere MFT Used by Medusa Ransomware Group

Do Son October 7, 2025

Microsoft Threat Intelligence has issued a warning following the discovery of active exploitation of a newly disclosed...

Snipe-IT Flaw Chained: XSS (CVE-2025-59712) to RCE (CVE-2025-59713) Achieves Full Server Compromise, PoC Released Snipe-IT RCE Chain, Deserialization

Snipe-IT Flaw Chained: XSS (CVE-2025-59712) to RCE (CVE-2025-59713) Achieves Full Server Compromise, PoC Released

Do Son October 7, 2025

Cybersecurity researchers at Synacktiv have uncovered two critical vulnerabilities in Snipe-IT, an open-source IT asset management system,...

Critical RCE Flaw in Apache Fory’s Python Module (CVE-2025-61622) Apache Fory, RCE vulnerability

Critical RCE Flaw in Apache Fory’s Python Module (CVE-2025-61622)

Do Son September 30, 2025

The Apache Fory project, a high-performance multi-language serialization framework, has disclosed a critical vulnerability (CVE-2025-61622) that could...

CISA Urges Immediate Patching: Critical Dassault Systèmes Flaw (CVE-2025-5086) Actively Exploited Known Exploited Vulnerabilities CISA KEV

CISA Urges Immediate Patching: Critical Dassault Systèmes Flaw (CVE-2025-5086) Actively Exploited

Do Son September 12, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Dassault Systèmes DELMIA Apriso...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Deserialization

Apache MINA Fixes Critical RCE Vulnerabilities

Apache MINA Hit by Twin Critical RCE Flaws

Critical 9.8 CVSS RCE Hijacks Pipecat Voice Agents

Critical Pre-Auth RCE Found in OpenAM Identity Platform

Critical 9.3 CVSS RCE Vulnerability Hit in OpenTelemetry Java Agent

Apache Camel Patches Critical Keycloak & LevelDB Flaws

CVE-2026-24656: Deserialization Flaw in Apache Karaf Exposes Systems to DoS

Apache NiFi’s Data Leak: How a High-Severity Deserialization Flaw Puts Your Asana Workflows at Risk

NVIDIA Critical AI Patch: Isaac Lab and NeMo Framework Flaws Risk Full Code Execution

NVIDIA Merlin Flaws Risk AI Pipeline RCE via Unsafe Deserialization in NVTabular & Transformers4Rec

“React2Shell” Crisis: Critical Vulnerability Triggers Global Cyberattacks by State-Sponsored Groups

Maximum Severity Alert: Critical RCE Flaw Hits Next.js (CVE-2025-66478, CVSS 10.0)

SAP November 2025 Patch Day Fixes 3 Critical Flaws (CVSS 10) — Including Code Injection and Insecure Key Management

Critical WSUS Flaw (CVE-2025-59287, CVSS 9.8) Allows Unauthenticated RCE via Unsafe Cookie Deserialization, PoC Available

Critical Keras 3 RCE Flaw (CVE-2025-49655, CVSS 9.8) Allows Code Execution on Model Load

Critical RCE Flaw CVE-2025-54539 in Apache ActiveMQ NMS AMQP Client Allows Server-Side Code Execution

Critical RCE (CVE-2025-10035) in GoAnywhere MFT Used by Medusa Ransomware Group

Snipe-IT Flaw Chained: XSS (CVE-2025-59712) to RCE (CVE-2025-59713) Achieves Full Server Compromise, PoC Released

Critical RCE Flaw in Apache Fory’s Python Module (CVE-2025-61622)

CISA Urges Immediate Patching: Critical Dassault Systèmes Flaw (CVE-2025-5086) Actively Exploited