Lucene search
+L

367 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.29 views

RHEL 9 : jq (RHSA-2026:18044)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:18044 advisory. jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or...

8.2CVSS5.9AI score0.00559EPSS
Exploits1References6
Snyk
Snyk
added 2026/05/14 8:29 p.m.16 views

Improper Verification of Source of a Communication Channel

Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel via the single-instance socket process. An attacker can execute arbitrary code by sending a crafted JSON...

9.3CVSS6.2AI score0.00114EPSS
Exploits0References4
Rockylinux
Rockylinux
added 2026/05/14 6:1 p.m.10 views

jq security update

An update is available for jq. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list jq is a lightweight and flexible command-line JSON processor. jq is like sed for...

8.2CVSS5.8AI score0.00559EPSS
Exploits1
OSV
OSV
added 2026/05/14 6:16 a.m.5 views

UBUNTU-CVE-2025-14870

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted JSON payloads due to insufficient input validation...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References5
CVE
CVE
added 2026/05/14 5:37 a.m.23 views

CVE-2025-14870

CVE-2025-14870 affects GitLab Community and Enterprise Editions. Affected versions are GitLab CE/EE 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3. The issue allowed an unauthenticated user to cause a denial of service by sending specially crafted JSON payloads due to insuffic...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:37 a.m.5 views

CVE-2025-14870

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted JSON payloads due to insufficient input validation...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions of GitLab CE/EE between 18...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.8 views

RockyLinux 9 : jq (RLSA-2026:16693)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:16693 advisory. jq: out-of-bounds read in jvparsesized on error formatting for non-NUL-terminated buffers CVE-2026-39979 jq: jq: Denial of Service via crafted JSON obje...

8.2CVSS7AI score0.00559EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.8 views

RockyLinux 10 : jq (RLSA-2026:16692)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:16692 advisory. jq: out-of-bounds read in jvparsesized on error formatting for non-NUL-terminated buffers CVE-2026-39979 jq: jq: Denial of Service via crafted JSON...

8.2CVSS7AI score0.00559EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/13 2:10 a.m.13 views

jq: jq: Denial of Service via crafted JSON object causing hash collisions

A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/13 2:8 a.m.9 views

jq: jq: Denial of Service via crafted JSON object causing hash collisions

A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References6
Oracle linux
Oracle linux
added 2026/05/13 12:0 a.m.13 views

jq security update

1.6-19.0.2 - Fix CVE-2026-40164 - Denial of Service via crafted JSON object causing hash collisions - Resolves: RHEL-168184 1.6-19.1 - Fix CVE-2026-39979 out-of-bounds read in jvparsesized - Resolves: RHEL-168201 1.6-19 - Fix CVE-2025-48060 - Resolves: RHEL-92993 1.6-18 - Fix CVE-2024-23337 -...

7.5CVSS5.8AI score0.00559EPSS
Exploits3
Oracle linux
Oracle linux
added 2026/05/13 12:0 a.m.13 views

jq security update

1.6-12 - Fix CVE-2026-40164 - Denial of Service via crafted JSON object causing hash collisions - Fix CVE-2026-39979 out-of-bounds read in jvparsesized - Resolves: RHEL-168174 - Resolves: RHEL-168192...

7.5CVSS5.8AI score0.00559EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.10 views

Oracle Linux 10 : jq (ELSA-2026-16692)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-16692 advisory. - Fix CVE-2026-40164 - Denial of Service via crafted JSON object causing hash collisions Tenable has extracted the preceding description block direct...

8.2CVSS7AI score0.00559EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/04/14 11:25 p.m.5 views

SUSE CVE-2026-40164

jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSO...

5.5CVSS5.8AI score0.00366EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/14 6:12 p.m.3 views

CVE-2026-40164

A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...

7.5CVSS5.7AI score0.00366EPSS
Exploits0References5
NVD
NVD
added 2026/04/14 12:16 a.m.8 views

CVE-2026-40164

jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSO...

7.5CVSS0.00366EPSS
Exploits0References32
OSV
OSV
added 2026/04/14 12:16 a.m.7 views

UBUNTU-CVE-2026-40164

jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSO...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/14 12:3 a.m.39 views

CVE-2026-39417 MaxKB: RCE via MCP stdio command injection in workflow engine

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path loading MCP config from the...

4.6CVSS0.00243EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.10 views

MaxKB 操作系统命令注入漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed from issues with the MCP node, a workflow engine,...

5.5CVSS6.2AI score0.00243EPSS
Exploits0References3
Rows per page
Query Builder