High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478):
#exploit #exploitation #infosec #informationsecurity #cve #rce #hacking #deserialization
Making Serialization Gadgets by Hand - .NET:
https://www.vulncheck.com/blog/making-dotnet-gadgets
#dotnet #infosec #deserialization #hacking #programming #exploit #exploitation
CVE-2025-59287 WSUS Unauthenticated RCE
Vulnerability in update service enables unauthenticated attacker to send crafted encrypted cookie leading to unsafe deserialization and SYSTEM-level code execution
Why nested deserialization is STILL harmful – Magento RCE (CVE-2025-54236):
#infosec #cybersecurity #deserialization #rce #exploit #exploitation #cve
I built a tiny/simple ECS library for a hobby game. I like defining "prefabs" in code, but I'm wracking my brain trying to understand how I can have code-defined prefabs, but also make a lightweight editor where I can place entities and edit attributes about that "instance" in the level, save it, and have that deserialized data be applied on top of the prefab during deserialization/gameplay.
Any hobbyists out there, I could use your insights.
🚨 CVE-2025-6507 (CRITICAL, CVSS 9.8): h2oai/h2o-3 vulnerable to remote code execution & file read via deserialization flaw in JDBC handling. Upgrade to 3.46.0.8+ ASAP! https://radar.offseq.com/threat/cve-2025-6507-cwe-502-deserialization-of-untrusted-fcb4a255 #OffSeq #CVE20256507 #AIsecurity #Deserialization
🔴 CRITICAL: CVE-2025-42980 in SAP NetWeaver EP-RUNTIME 7.50 exposes deserialization of untrusted data. Privileged users can trigger full system compromise. Apply patches & review privileges. https://radar.offseq.com/threat/cve-2025-42980-cwe-502-deserialization-of-untruste-7b67491f #OffSeq #SAP #CVE202542980 #Deserialization #Vuln
💣 CLIXML #deserialization in #PowerShell isn't harmless…
At #PSConfEU 2025, Alexander Andersson showed how it enables:
✔ Lateral movement
✔ Privilege escalation
✔ Guest-to-host VM breakouts
🎟️ Early bird 2026 tickets → psconf.eu
#Security #CLIXML
Using JsonPropertyName to map Json to Class C# Tip #42 - How to use the [JsonPropertyName] attribute in C# to map mismatched JSON fields (like "id") to class properties (like UniquePostId) during deserialization. #CSharp #JSON #Deserialization #HttpClient #JsonPropertyName #DataMapping #WebAPI #DotNet #Attributes
Seems a first step is almost done, adding #JSON support to my #poser lib. This could be the foundation for #JWT support in #swad. 😎
Need to do more thorough testing I guess, but at least the two example documents from #rfc8259 work fine ... the test tool does a full #deserialization / #serialization roundtrip (with specific internal representations of the data types supported by JSON).
edit: Look at the "Longitude" value of the second object in the second example 😏 I only noticed myself right now, but of course that's the desired behavior.
My first article for @mogwailabs_gmbh just released. Thanks to @h0ng10 for making it happen. 🥳
Note: before all of the script kiddies get their hopes up and think they can pwnxorize every Rails app, deserialization vulnerabilities in Ruby are actually quite rare these days due to Marshal.load almost never being used in the wild and YAML.load has been aliased to YAML.safe_load for some time now.
#rubysec #deserialization
🚀 Next week is #BaselOne24 🎉
On October 16 and 17, 2024, many exciting workshops and talks by well-known speakers and newcomers await you. They will bring you up to date on #KünstlicheIntelligenz, #Deserialization, #Metriken, #TeamBuilding, #Java, #Kafka, #Testing, and much more.
👉🏻 Here is the program: https://lnkd.in/egfakuP5
#communityrocks #BaselOne #TechEvent #CleanCode #AI #Kafka #Java
Wednesday Links - Edition 2024-10-02
https://dev.to/0xkkocel/wednesday-links-edition-2024-10-02-1hcm
#java #jvm #threads #deserialization #spring
⏳ Who has been turning the clock... Only 3 weeks left until #BaselOne24... 😊
🔊 On October 16 and 17, 2024, Gerrit Grunwald, Grace Jansen, Falk Sippach, Nadine Broghammer, Simon Martinelli and Patrick Baumgartner await you. They will bring you up to date on #KünstlicheIntelligenz, #Deserialization, #Metriken, #TeamBuilding, #Java, #Kafka, #Testing, and much more.
🐸 at https://lnkd.in/ggjmzerN.
The sorry state of Java deserialization
https://www.marginalia.nu/log/a_110_java_io/?utm_medium=erik.in&utm_source=mastodon