Insecure Deserialization

Title	Vulnerabilities	Programs	Authors
Attacking PowerShell CLIXML Deserialization	Insecure Deserialization RCE	Microsoft	Alexander Andersson
Getting code execution on Veeam through CVE-2023-27532	RCE Insecure Deserialization Security Code Review	Veeam	Alain Mowat (@Plopz0r)
3 ways to get Remote Code Execution in Kafka UI	RCE Insecure Deserialization Groovy Scripting JMX	Kafka UI	Michael Stepankin (@Artsploit)
Dynamics 365 Business Central - A Journey With Ups and Downs	Insecure Deserialization Missing Authentication	Microsoft	Florian Hauser (@Frycos)
Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough	AI LLM RCE SSRF Insecure Deserialization Zip Slip Attack Path Traversal	PyTorch AWS Google Meta TorchServe SnakeYAML	Gal Elbaz Uri Katz Guy Kaplan Avi Lumelsky
Why nested deserialization is harmful: Magento XXE (CVE-2024-34102)	Insecure Deserialization XXE Patch Diffing Security Code Review	Magento	Adam Kues (@Hash_kitten) Shubham Shah (@Infosec_au)
Molding Lies Into Reality \|\| Exploiting CVE-2024-4358	RCE Insecure Deserialization Authentication Bypass Security Code Review	Progress (Telerik)	Sina Kheirkhah (@SinSinology)
My LLM Bug Bounty Journey on Hugging Face Hub via Protect AI	LLM Insecure Deserialization RCE	Hugging Face Protect AI	Peng Zhou
R-bitrary Code Execution: Vulnerability In R’s Deserialization (CVE-2024-27322)	Insecure Deserialization	R	Kasimir Schulz (@Abraxus7331) Kieran Evans (@KieranEvans89)
Wiz Research finds architecture risks that may compromise AI-as-a-Service providers and consequently risk customer data; works with Hugging Face on mitigations	AI Malicious AI Model Cloud CI/CD RCE Insecure Deserialization Privilege Escalation Supply Chain Attack Cross-Tenant Vulnerability	Hugging Face	Shir Tamari (@Shirtamari) Sagi Tzadik (@Sagitz_)
Apache Dubbo Consumer Risks: The Road Not Taken	Insecure Deserialization Security Code Review	Apache Dubbo	Yaniv Nizry (@YNizry)
Java Deserialization Tricks	Insecure Deserialization RCE Security Code Review	Undisclosed	Clément Amic (@Loadlow)
Discovering Deserialization Gadget Chains in Rubyland	Insecure Deserialization	Undisclosed	Alex Leahu
Continuing the Citrix Saga: CVE-2023-5914 & CVE-2023-6184	Reflected XSS SSO RCE .NET Remoting Insecure Deserialization Security Code Review	Citrix Systems	Dylan Pindur Shubham Shah (@Infosec_au) Adam Kues (@Hash_kitten)
Nom for Security: A Proactive Security Review of Nomulus	Insecure Deserialization Verbose Logging Information Disclosure Cryptographic Issues Authentication Bypass	Google (Nomulus)	Sam Erb (@Erbbysam) Justin Taft
Hello Lucee! Let us hack Apple again?	RCE Insecure Deserialization ColdFusion Security Code Review	Apple Lucee	Harsh Jaiswal (@Rootxharsh) Rahul Maini (@Iamnoooob)
PHP deserialization attacks and a new gadget chain in Laravel	Insecure Deserialization PHP Pop Chain	Undisclosed	Mathieu Farrell
Java applet + serialization in 2024! What could go wrong?	Insecure Deserialization	Undisclosed	Federico Dotta (@Apps3c)
Relution Remote Code Execution via Java Deserialization Vulnerability	RCE Insecure Deserialization Security Code Review	Relution	Adam Crosser
Multiple vulnerabilities in Cisco Unified Communications Manager version 11.5.1	Insecure Deserialization RCE Local Privilege Escalation	Cisco	Julien Egloff
Gambio 4.9.2.0 - Insecure Deserialization	RCE Insecure Deserialization Security Code Review	Gambio	Christian Poeschl Lukas Schraven
CVE-2023–50220 — Inductive Automation Ignition XML Deserialization to RCE	Insecure Deserialization RCE Security Code Review	Inductive Automation Ignition	Petrus Viet (@VietPetrus)
Unauthenticated RCE in Adobe Coldfusion – CVE-2023-26360	RCE Insecure Deserialization Arbitrary File Read Patch Diffing Security Code Review	Adobe (ColdFusion)	SecureLayer7 (@SecureLayer7)
Panic!! At the YAML	Insecure Deserialization RCE	SnakeYAML	Ron Bowes (@Iagox86)
DoubleTrouble	RCE Insecure Deserialization Security Code Review	Inductive Automation Ignition	Rocco Calvi (@TecR0c) Steven Seeley (@Steventseeley)

Page 1 of 5