
27 matches found

SUSE CVE
added 2026/06/25 2:19 a.m. · 5 views

SUSE CVE-2026-54514

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddress(host, port), which performs eager DNS name resolution fo...

CVSS 5.3 · AI score 5.9 · EPSS 0.00219
Exploits: 0 · References: 3
Snyk
added 2026/06/23 9:22 p.m. · 4 views

Incomplete List of Disallowed Inputs

Overview: com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the...

CVSS 9.2 · AI score 5.8 · EPSS 0.00677
Exploits: 0 · References: 2
OSV
added 2026/06/23 9:22 p.m. · 4 views

GHSA-RMJ7-2VXQ-3G9F jackson-databind has an array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)

Summary: BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray(), without validating the array's component element type against the configured allowlist. A PTV built with allowIfSubTypeIsArray plus an explicit concrete-type allowlist...

CVSS 8.1 · AI score 5.8 · EPSS 0.00677
Exploits: 0 · References: 7
OSV
added 2026/06/23 9:17 p.m. · 5 views

DEBIAN-CVE-2026-54514

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddress(host, port), which performs eager DNS name resolution fo...

CVSS 5.3 · AI score 5.9 · EPSS 0.00219
Exploits: 0 · References: 1
OSV
added 2026/06/23 9:17 p.m. · 3 views

DEBIAN-CVE-2026-54513

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray(), without validating th...

CVSS 8.1 · AI score 5.8 · EPSS 0.00677
Exploits: 0 · References: 1
NVD
added 2026/06/23 9:17 p.m. · 12 views

CVE-2026-54512

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator (PTV) is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...

CVSS 8.1 · EPSS 0.00617
Exploits: 1 · References: 3
OSV
added 2026/06/23 9:17 p.m. · 2 views

UBUNTU-CVE-2026-54514

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddress(host, port), which performs eager DNS name resolution fo...

CVSS 5.3 · AI score 5.9 · EPSS 0.00219
Exploits: 0 · References: 6
EUVD
added 2026/06/23 8:56 p.m. · 7 views

EUVD-2026-38595

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator (PTV) is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...

CVSS 8.1 · AI score 5.8 · EPSS 0.00617
Exploits: 1 · References: 3
Vulnrichment
added 2026/06/23 8:53 p.m. · 4 views

CVE-2026-54513 jackson-databind: Array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray(), without validating th...

CVSS 8.1 · AI score 5.8 · EPSS 0.00677
Exploits: 0 · References: 6
EUVD
added 2026/06/23 8:53 p.m. · 7 views

EUVD-2026-38593

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray(), without validating th...

CVSS 8.1 · AI score 5.8 · EPSS 0.00677
Exploits: 0 · References: 6
Positive Technologies
added 2026/06/23 12:0 a.m. · 22 views

PT-2026-51596

Name of the Vulnerable Software and Affected Versions: jackson-databind versions 2.10.0 through 2.18.7; jackson-databind versions 2.19.0 through 2.21.3; jackson-databind versions 3.0.0 through 3.1.3. Description: The BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray function allowlists any...

CVSS 8.1 · AI score 5.7 · EPSS 0.00677
Exploits: 0 · References: 22
EUVD
added 2025/12/10 9:31 p.m. · 4 views

EUVD-2025-202584

A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8...

CVSS 7.8 · AI score 7.5 · EPSS 0.01094
Exploits: 1 · References: 7
ICS
added 2025/12/10 4:46 p.m. · 3 views

Windscribe for Linux 'changeMTU' local privilege escalation

RISK EVALUATION: A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and...

CVSS 7.8 · AI score 7.8 · EPSS 0.01094
Exploits: 1 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-30081

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.4 · EPSS 0.01209
Exploits: 1 · References: 4
Patchstack
added 2025/08/26 9:49 p.m. · 5 views

WordPress Lazy Load for Videos plugin <= 2.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-video-title and href Attributes vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via data-video-title and href Attributes vulnerability discovered by Webbernaut in WordPress Plugin Lazy Load for Videos versions <= 2.18.7...

CVSS 6.4 · AI score 5.5 · EPSS 0.00225
Exploits: 0 · References: 1 · Affected Software: 1
RedhatCVE
added 2025/02/06 2:26 a.m. · 6 views

CVE-2025-22521

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Farrell wp Hosting Performance Check wp-hosting-performance-check allows Reflected XSS. This issue affects wp Hosting Performance Check: from n/a through <= 2.18.8...

CVSS 7.1 · AI score 7.2 · EPSS 0.00303
Exploits: 0 · References: 1
Debian CVE
added 2024/09/26 5:27 p.m. · 10 views

CVE-2024-47174

Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle (MITM)...

CVSS 5.9 · AI score 5.8 · EPSS 0.00293
Exploits: 0
Prion
added 2023/10/17 11:15 p.m. · 15 views

Buffer overflow

Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discovered to contain a buffer overflow via the component /shared/dltcommon.c...

CVSS 5 · AI score 7.7 · EPSS 0.00906
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/10/17 12:0 a.m. · 6 views

PT-2023-25534 · Covesa +1

Name of the Vulnerable Software and Affected Versions: Connected Vehicle Systems Alliance (COVESA) versions up to 2.18.8. Description: The issue is related to a buffer overflow in the Connected Vehicle Systems Alliance (COVESA) software. This buffer overflow occurs via the component /shared/dlt...

CVSS 7.5 · AI score 7 · EPSS 0.01209
Exploits: 6 · References: 25
CNNVD
added 2023/02/27 12:0 a.m. · 8 views

dlt-daemon security vulnerability

The dlt-daemon is the DLT communication interface for ECUs in the GlobalGENIVI community. It collects and buffers log messages from one or more DLT users running on the ECU and makes them available to DLT clients upon request. A security vulnerability exists in dlt-daemon version 2.18.8 and earlie...

CVSS 7.5 · AI score 7.2 · EPSS 0.01209
Exploits: 1 · References: 4