367 matches found
RHEL 9 : jq (RHSA-2026:18044)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:18044 advisory. jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or...
Improper Verification of Source of a Communication Channel
Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel via the single-instance socket process. An attacker can execute arbitrary code by sending a crafted JSON...
jq security update
An update is available for jq. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list jq is a lightweight and flexible command-line JSON processor. jq is like sed for...
UBUNTU-CVE-2025-14870
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted JSON payloads due to insufficient input validation...
CVE-2025-14870
CVE-2025-14870 affects GitLab Community and Enterprise Editions. Affected versions are GitLab CE/EE 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3. The issue allowed an unauthenticated user to cause a denial of service by sending specially crafted JSON payloads due to insuffic...
CVE-2025-14870
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted JSON payloads due to insufficient input validation...
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions of GitLab CE/EE between 18...
RockyLinux 9 : jq (RLSA-2026:16693)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:16693 advisory. jq: out-of-bounds read in jvparsesized on error formatting for non-NUL-terminated buffers CVE-2026-39979 jq: jq: Denial of Service via crafted JSON obje...
RockyLinux 10 : jq (RLSA-2026:16692)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:16692 advisory. jq: out-of-bounds read in jvparsesized on error formatting for non-NUL-terminated buffers CVE-2026-39979 jq: jq: Denial of Service via crafted JSON...
jq: jq: Denial of Service via crafted JSON object causing hash collisions
A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...
jq: jq: Denial of Service via crafted JSON object causing hash collisions
A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...
jq security update
1.6-19.0.2 - Fix CVE-2026-40164 - Denial of Service via crafted JSON object causing hash collisions - Resolves: RHEL-168184 1.6-19.1 - Fix CVE-2026-39979 out-of-bounds read in jvparsesized - Resolves: RHEL-168201 1.6-19 - Fix CVE-2025-48060 - Resolves: RHEL-92993 1.6-18 - Fix CVE-2024-23337 -...
jq security update
1.6-12 - Fix CVE-2026-40164 - Denial of Service via crafted JSON object causing hash collisions - Fix CVE-2026-39979 out-of-bounds read in jvparsesized - Resolves: RHEL-168174 - Resolves: RHEL-168192...
Oracle Linux 10 : jq (ELSA-2026-16692)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-16692 advisory. - Fix CVE-2026-40164 - Denial of Service via crafted JSON object causing hash collisions Tenable has extracted the preceding description block direct...
SUSE CVE-2026-40164
jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSO...
CVE-2026-40164
A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...
CVE-2026-40164
jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSO...
UBUNTU-CVE-2026-40164
jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSO...
CVE-2026-39417 MaxKB: RCE via MCP stdio command injection in workflow engine
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path loading MCP config from the...
MaxKB 操作系统命令注入漏洞
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed from issues with the MCP node, a workflow engine,...