
Source: RedhatCVE | added yesterday | 6 views

CVE-2026-54265

A flaw was found in Angular's @angular/compiler package. When a native DOM property requiring sanitization is bound using two-way binding syntax, the template compiler fails to apply the appropriate sanitizer. An attacker who controls the bound value can bypass Angular's built-in sanitization,...

CVSS 6.1 | AI score 5.5 | EPSS 0.00195
Exploits 0 | References 6
Source: Cvelist | added 2 days ago | 30 views

CVE-2026-54164 API Platform Core: Missing IRI type check enables resource type confusion

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...

CVSS 6.5 | EPSS 0.00195
Exploits 0 | References 1
Source: NVD | added 3 days ago | 7 views

CVE-2026-55223

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...

CVSS 6.3 | EPSS 0.00284
Exploits 0 | References 2
Source: Cvelist | added 3 days ago | 23 views

CVE-2026-55223 c3p0 exposes a deserialization "sink" via JDBC DataSource bean properties

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...

CVSS 6.3 | EPSS 0.00284
Exploits 0 | References 2
Source: CVE | added 3 days ago | 7 views

CVE-2026-55223

CVE-2026-55223 affects the c3p0 JDBC connection pooling library. Before 0.14.0, c3p0 can enable a deserialization gadget “sink” when combined with other libraries: DataSource.getConnection() and ConnectionPoolDataSource.getPooledConnection() are treated as safe JavaBean properties, but invoking p...

CVSS 6.3 | AI score 5.7 | EPSS 0.00284
Exploits 0 | References 2
Source: RedhatCVE | added 3 days ago | 8 views

CVE-2026-54515

A flaw was found in jackson-databind. This vulnerability occurs in the data-binding functionality where properties intended to be ignored are incorrectly restored and become writable again. An attacker could potentially exploit this by providing input that modifies data through these supposedly...

CVSS 5.3 | AI score 5.6 | EPSS 0.00345
Exploits 0 | References 7
Source: Cvelist | added 3 days ago | 35 views

CVE-2026-10513 Webmention <= 5.8.0 - Unauthenticated Stored Cross-Site Scripting via MF2 'photo'/'url' Author Properties

The Webmention plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.8.0 via parser-derived 'avatar' and 'url' author metadata. This is due to insufficient input sanitization and output escaping on user-supplied MF2 author properties processed by the...

CVSS 7.2 | EPSS 0.00236
Exploits 0 | References 4
Source: CVE | added 3 days ago | 10 views

CVE-2026-10513

CVE-2026-10513 affects the WordPress Webmention plugin (versions up to and including 5.8.0). The root cause is insufficient input sanitization and output escaping for MF2 author properties (avatar/url) processed by the unauthenticated webmention REST endpoint and rendered into HTML value attribut...

CVSS 7.2 | AI score 5.9 | EPSS 0.00236
Exploits 0 | References 4
Source: CVE | added 2026/06/25 3:28 p.m. | 16 views

CVE-2026-57451

Vim CVE-2026-57451 affects Vim up to version 9.2.0670. The issue in get_text_props() (src/textprop.c) reads a uint16 property count inline after a line’s text and treats it as the number of 32-byte textprop_T entries that follow. The only boundary check is a floor for a single entry, and the coun...

CVSS 6.1 | AI score 5.9 | EPSS 0.00113
Exploits 0 | References 3 | Affected Software 1
Source: Cvelist | added 2026/06/25 3:28 p.m. | 36 views

CVE-2026-57451 Vim: Out-of-bounds Read in Text Property Count

Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop_T entries that follow. The only check is a floor that guarantees room for a single...

CVSS 5.3 | EPSS 0.00113
Exploits 0 | References 3
Source: AlpineLinux | added 2026/06/25 3:28 p.m. | 6 views

CVE-2026-57451

Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop_T entries that follow. The only check is a floor that guarantees room for a single...

CVSS 6.1 | AI score 5.9 | EPSS 0.00113
Exploits 0 | References 3
Source: Cvelist | added 2026/06/25 3:24 p.m. | 36 views

CVE-2026-57454 Vim: Out-of-bounds Read with Text Properties

Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads th...

CVSS 6.8 | EPSS 0.00119
Exploits 0 | References 3
Source: Positive Technologies | added 2026/06/25 12:00 a.m. | 8 views

PT-2026-52476

Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.2.0670. Description: The get_text_props function in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop_T entries that follow. Because the count ...

CVSS 6.1 | AI score 5.8 | EPSS 0.00113
Exploits 0 | References 5
Source: OSV | added 2026/06/23 10:16 p.m. | 4 views

DEBIAN-CVE-2026-54518

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, UnwrappedPropertyHandler.processUnwrappedCreatorProperties replays buffered JSON into creator parameters but never consults...

CVSS 6.5 | AI score 5.9 | EPSS 0.00211
Exploits 0 | References 1
Source: Github Security Blog | added 2026/06/23 9:24 p.m. | 7 views

jackson-databind has @JsonView bypass for setterless creator properties

Summary: In BeanDeserializer.deserializeUsingPropertyBased, the active-view @JsonView filter was applied only to creator properties; the regular property-buffering branch performed no prop.visibleInView(activeView) check. A change making SetterlessProperty.isMerging return true routed setterless...

CVSS 5.3 | AI score 5.8 | EPSS 0.00237
Exploits 0 | References 6 | Affected Software 2
Source: Snyk | added 2026/06/23 9:24 p.m. | 5 views

Incorrect Authorization

Overview: com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Incorrect Authorization in the...

CVSS 5.3 | AI score 5.8 | EPSS 0.00237
Exploits 0 | References 2
Source: Snyk | added 2026/06/23 9:24 p.m. | 4 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the BeanDeserializer.deserializeUsingPropertyBased method, whose property-buffering branch omits the prop.visibleInView(activeView) check that the creator-property branch performs. An attacker can populate...

CVSS 5.3 | AI score 5.8 | EPSS 0.00237
Exploits 0 | References 2
Source: Snyk | added 2026/06/23 9:23 p.m. | 5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the BeanDeserializerBase.createContextual method, which applies the per-property exclusions through handleByNameInclusion and then rebuilds the property m...

CVSS 6.9 | AI score 5.8 | EPSS 0.00345
Exploits 0 | References 2
Source: Snyk | added 2026/06/23 9:23 p.m. | 4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object...

CVSS 6.9 | AI score 5.8 | EPSS 0.00345
Exploits 0 | References 2
Source: OSV | added 2026/06/23 9:23 p.m. | 4 views

GHSA-5JMJ-H7XM-6Q6V jackson-databind has case-insensitive deserialization bypasses per-property @JsonIgnoreProperties

Summary: In BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a contextual deserializer whose BeanPropertyMap has the ignored properties removed. The subsequent per-property case-insensitivity block triggered by...

CVSS 5.3 | AI score 5.8 | EPSS 0.00345
Exploits 0 | References 6