matrix-sdk-base: Denial of service due to custom `m.room.join_rules` events

The matrix-sdk-base crate is unable to handle responses that include custom m.room.joinrules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventin...

RUSTSEC-2025-0135 matrix-sdk-base: Denial of service due to custom `m.room.join_rules` events

The matrix-sdk-base crate is unable to handle responses that include custom m.room.joinrules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventin...

PT-2025-49576

Name of the Vulnerable Software and Affected Versions matrix-sdk-base versions 0.14.1 and prior Description The software is susceptible to a denial-of-service condition. If a user is invited to a room with non-standard join rules, the sync process will stall, preventing further processing for all...

CVE-2025-40219

In the Linux kernel, the following vulnerability has been resolved: PCI/IOV: Fix race between SR-IOV enable/disable and hotplug Commit 05703271c3cd "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" tried to fix a race between the VF removal inside sriovdelvfs and concurrent...

CVE-2025-40219 PCI/IOV: Fix race between SR-IOV enable/disable and hotplug

In the Linux kernel, the following vulnerability has been resolved: PCI/IOV: Fix race between SR-IOV enable/disable and hotplug Commit 05703271c3cd "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" tried to fix a race between the VF removal inside sriovdelvfs and concurrent...

Beyond JSON: Converting Spring AI Tool Response Formats to TOON, XML, CSV, YAML, ...

JSON is the go-to format for LLM tool responses, but recent discussions around alternative formats like TOON Token-Oriented Object Notation claim potential benefits in token efficiency and performance. While the debate continues—with critical analyses pointing to context-dependent results—the...

TencentOS Server 4: ghostscript (TSSA-2025:0256)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0256 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-46713)

perf/aux: AUX buffer serialization. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504633; scriptversion"1.3";...

CVE-2025-40130

CVE-2025-40130 affects the Linux kernel Scsi/UFS subsystem where CPU latency PM QoS requests could race due to missing internal synchronization. The issue stems from interfaces cpu_latency_qos_add/remove/update_request not providing thread safety and relying on a pm_qos_enabled flag insufficient ...

CVE-2025-40130 scsi: ufs: core: Fix data race in CPU latency PM QoS request handling

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling The cpulatencyqosadd/remove/updaterequest interfaces lack internal synchronization by design, requiring the caller to ensure thread safety. The current...

PT-2025-46605

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a data race condition in the SCSI UFS core related to CPU latency PM QoS request handling. The cpu latency qos add, cpu latency qos remove, and cpu latency qos...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990872)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990872 advisory. In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event-mmapmutex is strictly insufficient...

CVE-2025-64439

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution RCE...

[SECURITY] Fedora 43 Update: python-cloudpickle-3.1.2-1.fc43

cloudpickle makes it possible to serialize Python constructs not supported by the default pickle module from the Python standard library. cloudpickle is especially useful for cluster computing where Python expressions are shipped over the network to execute on remote hosts, possibly close to the...

CVE-2025-64439

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution RCE...

CVE-2025-64439 LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution RCE...

[SECURITY] Fedora 43 Update: rust-serde_json-1.0.145-1.fc43

A JSON serialization file format...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989897)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989897 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: serialize hash resizes and cleanups Syzbot was able to trigger the followin...

openSUSE Security Advisory (SUSE-SU-2025:3780-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 42 Update: perl-YAML-Syck-1.36-1.fc42

This module provides a Perl interface to the libsyck data serialization library. It exports the Dump and Load functions for converting Perl data structures to YAML strings, and the other way around...