CVE-2025-13708 Tencent NeuralNLP-NeuralClassifier _load_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability

Tencent NeuralNLP-NeuralClassifier loadcheckpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent NeuralNLP-NeuralClassifier. User interaction is required to exploit th...

CVE-2025-13708 Tencent NeuralNLP-NeuralClassifier _load_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability

Tencent NeuralNLP-NeuralClassifier loadcheckpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent NeuralNLP-NeuralClassifier. User interaction is required to exploit th...

CVE-2025-13713 Tencent Hunyuan3D-1 load_pretrained Deserialization of Untrusted Data Remote Code Execution Vulnerability

Tencent Hunyuan3D-1 loadpretrained Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent Hunyuan3D-1. User interaction is required to exploit this vulnerability in that the...

GHSA-C67J-W6G6-Q2CM LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs

Summary A serialization injection vulnerability exists in LangChain's dumps and dumpd functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data...

Linux Distros Unpatched Vulnerability : CVE-2025-68480

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0...

Tencent HunyuanVideo 代码问题漏洞

Tencent HunyuanVideo is a generative AI video model from Tencent, a Chinese company. Tencent HunyuanVideo suffers from a code issue vulnerability that stems from a lack of validation of user-supplied data in the loadvae function, which could lead to deserialization of untrusted data and remote co...

CVE-2025-68480

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...

DEBIAN-CVE-2025-68480

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...

UBUNTU-CVE-2025-68480

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...

CVE-2025-68480

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...

CVE-2025-68476

CVE-2025-68476 affects KEDA . Prior to versions 2.17.3 and 2.18.3 , there is an Arbitrary File Read via insufficient path validation when loading the Service Account Token in spec.hashiCorpVault.credential.serviceAccount . An attacker with permissions to create/modify a TriggerAuthentication reso...

CVE-2025-68480 Marshmallow has DoS in Schema.load(many)

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...

CVE-2025-68480 Marshmallow has DoS in Schema.load(many)

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...

EUVD-2025-204752

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...

CVE-2025-68480 Marshmallow has DoS in Schema.load(many)

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...

CVE-2025-68480

CVE-2025-68480 affects Marshmallow. In Marshmallow versions 3.0.0rc1–3.26.1 and 4.0.0–4.1.1, Schema.load(data, many=True) is vulnerable to denial of service via crafted requests that can consume excessive CPU time. The issue is mitigated by upgrading to Marshmallow 3.26.2 or 4.1.2 or later, which...

Marshmallow has DoS in Schema.load(many)

Impact Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time. Patches 4.1.2, 3.26.2 Workarounds py Fail fast def loadmanyschema, data, kwargs: if not isinstancedata, list: raise ValidationError'Invalid...

GHSA-428G-F7CQ-PGP5 Marshmallow has DoS in Schema.load(many)

Impact Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time. Patches 4.1.2, 3.26.2 Workarounds py Fail fast def loadmanyschema, data, kwargs: if not isinstancedata, list: raise ValidationError'Invalid...

Asymmetric Resource Consumption (Amplification)

Overview Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification via the Schema.load method of the error storage utility, when handling input with the many parameter set to True. An attacker can cause excessive CPU consumption by submitting a moderately...

resolv: Denial of Service in resolv gem

A denial of service flaw was found in resolv ruby gem. This flaw allows an attacker to craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses this packet, the name decompression process consumes a large amount of CPU resources, as the library does...