28 matches found
Fedora: Security Advisory (FEDORA-2026-bf741e26e4)
The remote host is missing an update for the...
Fedora 44 : python-ujson (2026-5725d633ec)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5725d633ec advisory. Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling. Tenable has...
CVE-2026-32875
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps crashes the Python interpreter (segmentation fault) when the product of the indent...
CVE-2026-32874
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers. The leaked memory is a copy of the string form of the integer plus a...
CVE-2026-32874 UltraJSON has a Memory Leak parsing large integers allows DoS
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers. The leaked memory is a copy of the string form of the integer plus a...
CVE-2026-32874
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers. The leaked memory is a copy of the string form of the integer plus a...
Integer Overflow or Wraparound
Overview: ujson is an Ultra fast JSON encoder and decoder for Python. Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the indent parameter in the dumps, dump, or encode functions. An attacker can cause a crash or infinite loop by supplying large or negative...
UltraJSON has a Memory Leak parsing large integers allows DoS
Summary: ujson 5.4.0 to 5.11.0 inclusive contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers. Exploitability: Any service that calls ujson.load/ujson.loads/ujson.decode on untrusted inputs is affected and vulnerable to denial of service attacks...
PT-2026-26092
Name of the Vulnerable Software and Affected Versions: UltraJSON versions 5.4.0 through 5.11.0 Description: UltraJSON, a fast JSON encoder and decoder written in C with Python 3.7+ bindings, contains an accumulating memory leak when parsing large integers outside the range [-2^63, 2^64 - 1] within JS...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001448)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001448 advisory. An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allo...
EUVD-2024-0286
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-6790
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP...
Thinkgem JeeSite Input Validation Error Vulnerability
Thinkgem JeeSite is an open source Java EE enterprise-class rapid development platform of China Zhuo Yuan Thinkgem company. The platform includes system permissions components, data permissions components, data dictionary components, core tools components, view manipulation components,...
UBUNTU-CVE-2025-53103
JUnit is a testing framework for Java and the JVM. From version 5.12.0 to 5.13.1, JUnit's support for writing Open Test Reporting XML files can leak Git credentials. The impact depends on the level of the access token exposed through the OpenTestReportGeneratingListener. If these test reports are...
Deserialization of untrusted data
SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...
CVE-2024-23636 SOFARPC Remote Command Execution (RCE) Vulnerability
SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...
PT-2024-19987 · Oracle · Jdk
Name of the Vulnerable Software and Affected Versions: SOFARPC versions prior to 5.12.0 Description: SOFARPC is a Java RPC framework that defaults to using the SOFA Hessian protocol to deserialize received data. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of...
SUSE CVE-2018-6791
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains or $ in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary...
CVE-2022-38086 WordPress Shortcodes Ultimate plugin <= 5.12.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change...
PT-2024-11195 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12.0 Description: A vulnerability in the Linux kernel has been resolved, which could cause a kernel panic when the headroom size is too large in the mld newpack function. This function does not allow high-orde...