EulerOS Virtualization 2.10.0 : python-ply (EulerOS-SA-2026-2062)

According to the versions of the python-ply package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...

Amazon Linux 2023 : policycoreutils, policycoreutils-dbus, policycoreutils-devel (ALAS2023-2026-1663)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1663 advisory. An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is...

OESA-2026-1594 python-ply security update

/ply/ /ply--.egg-info/ Security Fixes: An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Becaus...

📄 PLY 3.11 Arbitrary Code Execution

An undocumented and unsafe feature in the PyPI‑distributed version of PLY version 3.11 allows arbitrary code execution when the yacc function is invoked with the picklefile parameter. 🚨 Undocumented Remote Code Execution in PLY CVE‑2025‑56005 CVE ID: CVE‑2025‑56005 Reported by: Ahmed Abd Disclosu...

CVE-2025-56005

An arbitrary code execution vulnerability was discovered in PLY Python Lex-Yacc. When an application uses PLY's undocumented picklefile parameter to load cached parser data, the library deserializes the pickle file without validation. If an attacker can supply or modify the pickle file being...

Linux Distros Unpatched Vulnerability : CVE-2025-56005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function...

CVE-2025-56005

An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...

CVE-2025-56005

An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...

CVE-2025-56005

An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...

CVE-2025-56005

CVE-2025-56005 affects PLY 3.11 (PyPI) and is triggered via the picklefile parameter in yacc(), which deserializes a .pkl with pickle.load() without validation. The underlying cause is unsafe deserialization, enabling remote code execution as described in multiple sources; this is not limited to ...

CVE-2025-56005

An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...

PT-2026-3641

Name of the Vulnerable Software and Affected Versions PLY Python Lex-Yacc version 3.11 Description An undocumented and unsafe feature in the PLY library allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with...