
4165 matches found

Tenable Nessus
added 2025/11/12 12:0 a.m. | 1 view

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990872)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990872 advisory. In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization. Ole reported that event->mmap_mutex is strictly insufficient...

7.8 CVSS | 6.5 AI score | 0.00016 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2025/11/10 6:12 a.m. | 3 views

CVE-2025-64439

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions 2.1.2 and below, the JsonPlusSerializer (used as the default serialization protocol for all checkpointing) contains a Remote Code Execution (RCE)...

7.4 CVSS | 7.2 AI score | 0.01261 EPSS
Exploits: 0 | References: 1

Fedora
added 2025/11/10 12:47 a.m. | 4 views

[SECURITY] Fedora 43 Update: python-cloudpickle-3.1.2-1.fc43

cloudpickle makes it possible to serialize Python constructs not supported by the default pickle module from the Python standard library. cloudpickle is especially useful for cluster computing where Python expressions are shipped over the network to execute on remote hosts, possibly close to the...

7.2 AI score
Exploits: 0

NVD
added 2025/11/07 9:15 p.m. | 5 views

CVE-2025-64439

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions 2.1.2 and below, the JsonPlusSerializer (used as the default serialization protocol for all checkpointing) contains a Remote Code Execution (RCE)...

7.4 CVSS | 0.01261 EPSS
Exploits: 0 | References: 4

Cvelist
added 2025/11/07 8:15 p.m. | 13 views

CVE-2025-64439 LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions 2.1.2 and below, the JsonPlusSerializer (used as the default serialization protocol for all checkpointing) contains a Remote Code Execution (RCE)...

7.4 CVSS | 0.01261 EPSS
Exploits: 0 | References: 4

Fedora
added 2025/11/05 2:13 a.m. | 5 views

[SECURITY] Fedora 43 Update: rust-serde_json-1.0.145-1.fc43

A JSON serialization file format...

8.1 CVSS | 7 AI score | 0.00017 EPSS
Exploits: 1

Tenable Nessus
added 2025/11/05 12:0 a.m. | 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989897)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989897 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: serialize hash resizes and cleanups. Syzbot was able to trigger the followin...

5.5 CVSS | 5.9 AI score | 0.00015 EPSS
Exploits: 0 | References: 4

OpenVAS
added 2025/10/27 12:0 a.m. | 1 view

openSUSE Security Advisory (SUSE-SU-2025:3780-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

6.4 CVSS | 6.8 AI score | 0.00837 EPSS
Exploits: 0 | References: 4

Fedora
added 2025/10/26 1:36 a.m. | 3 views

[SECURITY] Fedora 42 Update: perl-YAML-Syck-1.36-1.fc42

This module provides a Perl interface to the libsyck data serialization library. It exports the Dump and Load functions for converting Perl data structures to YAML strings, and the other way around...

6.5 CVSS | 7 AI score | 0.00022 EPSS
Exploits: 0

Fedora
added 2025/10/26 1:8 a.m. | 4 views

[SECURITY] Fedora 41 Update: perl-YAML-Syck-1.36-1.fc41

This module provides a Perl interface to the libsyck data serialization library. It exports the Dump and Load functions for converting Perl data structures to YAML strings, and the other way around...

6.5 CVSS | 7 AI score | 0.00022 EPSS
Exploits: 0

Tenable Nessus
added 2025/10/25 12:0 a.m. | 4 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-python-socketio (SUSE-SU-2025:3780-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:3780-1 advisory. - CVE-2025-61765: fixed by using json, rather than pickle for serialization (bsc#1251193). Tenable has...

6.4 CVSS | 5.9 AI score | 0.00837 EPSS
Exploits: 0 | References: 4

SUSE Linux
added 2025/10/24 1:27 p.m. | 5 views

Security update for python-python-socketio

This update for python-python-socketio fixes the following issues: CVE-2025-61765: fixed by using json, rather than pickle for serialization (bsc#1251193). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

6.4 CVSS | 7 AI score | 0.00837 EPSS
Exploits: 0 | References: 4

OSV
added 2025/10/24 1:26 p.m. | 2 views

SUSE-SU-2025:3780-1 Security update for python-python-socketio

This update for python-python-socketio fixes the following issues: - CVE-2025-61765: fixed by using json, rather than pickle for serialization (bsc#1251193)...

6.4 CVSS | 7 AI score | 0.00837 EPSS
Exploits: 0 | References: 3

CNNVD
added 2025/10/24 12:0 a.m. | 1 view

pgCodeKeeper Security Vulnerability

pgCodeKeeper is an open source Eclipse plug-in for database schema management from pgCodeKeeper. A security vulnerability exists in pgCodeKeeper version 10.12.0, which stems from the Utils.serialize function's handling of serialized data from an untrustworthy source, and could lead to the executi...

8.2 CVSS | 7.2 AI score | 0.00164 EPSS
Exploits: 1 | References: 1

Snyk
added 2025/10/17 9:42 p.m. | 1 view

Deserialization of Untrusted Data

Overview pyquokka is a Quokka Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the do_action function in the flight.py file. An attacker can execute arbitrary code on the server by sending maliciously crafted serialized data through the network interface...

9.8 CVSS | 7.8 AI score | 0.00866 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2025/10/17 8:40 a.m. | 5 views

CVE-2025-54539

A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...

9.8 CVSS | 7.7 AI score | 0.01309 EPSS
Exploits: 0 | References: 1

Github Security Blog
added 2025/10/16 9:30 a.m. | 10 views

Apache ActiveMQ NMS AMQP Client has a Deserialization of Untrusted Data vulnerability

A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...

9.8 CVSS | 7.8 AI score | 0.01309 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/10/16 9:15 a.m. | 2 views

CVE-2025-54539

A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...

9.8 CVSS | 6.2 AI score | 0.01309 EPSS
Exploits: 0 | References: 2

CVE
added 2025/10/16 8:26 a.m. | 31 views

CVE-2025-54539

Apache ActiveMQ NMS AMQP Client (vulnerable up to 2.3.0) suffers Deserialization of Untrusted Data due to unbounded deserialization logic when connecting to untrusted AMQP servers. Malicious responses could lead to arbitrary code execution on the client side; a 2.1.0 deserialization restriction v...

9.8 CVSS | 7.4 AI score | 0.01309 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2025/10/16 8:26 a.m. | 7 views

CVE-2025-54539 Apache ActiveMQ NMS AMQP Client: Deserialization of Untrusted Data

A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...

0.01309 EPSS
Exploits: 0 | References: 1