Lucene search
K

87 matches found

OSV
OSV
added last week2 views

BIT-ENVOY-2026-48042 Envoy: Stack overflow in destructor of highly nested JSON

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results in stack overflow when deeply O100K nested objects are present. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1...

7.5CVSS5.8AI score0.00557EPSS
Exploits1References3
NVD
NVD
added 2026/06/24 10:16 p.m.9 views

CVE-2026-55570

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields name, version, author, description when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is...

9CVSS0.00327EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:24 p.m.16 views

CVE-2026-55570 SiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375's patch)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields name, version, author, description when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is...

9CVSS0.00327EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 9:24 p.m.11 views

CVE-2026-55570

Technical details are not publicly available in the provided documents. Monitor for updates.

9CVSS6AI score0.00327EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.9 views

SUSE SLED15 / SLES15 Security Update : mutt (SUSE-SU-2026:2301-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2301-1 advisory. This update for mutt fixes the following issues - CVE-2026-43859: strfcpy used instead of memcpy for the IMAP...

3.7CVSS5.4AI score0.00201EPSS
Exploits0References20
SUSE Linux
SUSE Linux
added 2026/06/08 1:55 p.m.11 views

Security update for mutt

This update for mutt fixes the following issues CVE-2026-43859: strfcpy used instead of memcpy for the IMAP authcram MD5 digest bsc1263897. CVE-2026-43860: truncation of hashpasswd by one byte for IMAP authcram MD5 digest bsc1263896. CVE-2026-43861: missing check for \0 in urlpctdecode bsc1263895...

6.9CVSS5.4AI score0.00201EPSS
Exploits0References26
OSV
OSV
added 2026/06/08 1:55 p.m.9 views

SUSE-SU-2026:2301-1 Security update for mutt

This update for mutt fixes the following issues - CVE-2026-43859: strfcpy used instead of memcpy for the IMAP authcram MD5 digest bsc1263897. - CVE-2026-43860: truncation of hashpasswd by one byte for IMAP authcram MD5 digest bsc1263896. - CVE-2026-43861: missing check for \0 in urlpctdecode...

3.7CVSS5.4AI score0.00201EPSS
Exploits0References14
SUSE Linux
SUSE Linux
added 2026/06/08 1:54 p.m.8 views

Security update for mutt

This update for mutt fixes the following issues CVE-2026-43859: strfcpy used instead of memcpy for the IMAP authcram MD5 digest bsc1263897. CVE-2026-43860: truncation of hashpasswd by one byte for IMAP authcram MD5 digest bsc1263896. CVE-2026-43861: missing check for \0 in urlpctdecode bsc1263895...

6.9CVSS5.4AI score0.00201EPSS
Exploits0References26
OSV
OSV
added 2026/05/28 8:47 p.m.12 views

GHSA-R2F4-FF2P-XC64 Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save

Description An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. The vulnerable flow accepts compositeIndices from imported JSON, stores the values...

7CVSS6AI score0.00346EPSS
Exploits0References7
OSV
OSV
added 2026/05/19 12:0 a.m.10 views

ALSA-2026:19365 Important: jq security update

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: out-of-bounds read in...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.10 views

AlmaLinux 10 : jq (ALSA-2026:16692)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:16692 advisory. jq: out-of-bounds read in jvparsesized on error formatting for non-NUL-terminated buffers CVE-2026-39979 jq: jq: Denial of Service via crafted JSON obje...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/05/12 4:7 p.m.8 views

jq: jq: Denial of Service via crafted JSON object causing hash collisions

A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/07 9:48 a.m.11 views

CVE-2026-43863

A flaw was found in mutt, an email client. A remote attacker could exploit this vulnerability by sending specially crafted input, which would trigger an infinite loop in the dataobjecttostream function. This issue, located in the crypt-gpgme.c component, can lead to a Denial of Service DoS, causi...

3.7CVSS5.8AI score0.00201EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/05 1:45 a.m.18 views

SUSE CVE-2026-43863

mutt before 2.3.2 has an infinite loop in dataobjecttostream in crypt-gpgme.c...

3.3CVSS5.8AI score0.00201EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/04 7:16 a.m.14 views

CVE-2026-43863

mutt before 2.3.2 has an infinite loop in dataobjecttostream in crypt-gpgme.c...

3.7CVSS5.8AI score0.00201EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 7:16 a.m.6 views

UBUNTU-CVE-2026-43863

mutt before 2.3.2 has an infinite loop in dataobjecttostream in crypt-gpgme.c...

3.7CVSS5.8AI score0.00201EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/04 6:5 a.m.18 views

EUVD-2026-26902

mutt before 2.3.2 has an infinite loop in dataobjecttostream in crypt-gpgme.c...

3.7CVSS5.8AI score0.00201EPSS
Exploits0References1
CVE
CVE
added 2026/05/04 6:5 a.m.29 views

CVE-2026-43863

CVE-2026-43863 affects mutt prior to 2.3.2, where an infinite loop in data_object_to_stream (crypt-gpgme.c) is reported. The CVSS 3.1 vector indicates low availability impact. No remediation or specific fix details are provided in the connected documents. Affected version range inferred: mutt

3.7CVSS5.8AI score0.00201EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/04 6:5 a.m.7 views

CVE-2026-43863

mutt before 2.3.2 has an infinite loop in dataobjecttostream in crypt-gpgme.c...

3.7CVSS5.8AI score0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.13 views

mutt 安全漏洞

Mutt is an open-source command-line email client for sending emails from the terminal. Versions of Mutt prior to 2.3.2 contained a security vulnerability, which stemmed from an infinite loop in dataobjecttostream in crypt-gpgme.c...

3.7CVSS5.8AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder