Deserialization attack on YAML and reversing web assembly
Chaining XSS, SSRF, and deserialization vulnerabilities to get RCE