Lucene search
K

243 matches found

OSV
OSV
added 2026/03/20 11:16 p.m.4 views

UBUNTU-CVE-2026-33210

Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...

9.1CVSS5.8AI score0.00838EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/20 10:57 p.m.28 views

CVE-2026-33210 Ruby JSON has a format string injection vulnerability

Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...

8.3CVSS0.00838EPSS
Exploits0References1
CVE
CVE
added 2026/03/20 10:57 p.m.56 views

CVE-2026-33210

CVE-2026-33210 concerns Ruby JSON, a JSON implementation for Ruby. The vulnerability exists in versions 2.14.0 to before 2.15.2.1, 2.17.1.2, and 2.19.2, where parsing with the option allow_duplicate_key: false can trigger a format-string injection, leading to denial of service or information disc...

9.1CVSS5.7AI score0.00838EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 10:57 p.m.5 views

CVE-2026-33210

Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...

8.3CVSS5.7AI score0.00838EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 10:57 p.m.3 views

CVE-2026-33210 Ruby JSON has a format string injection vulnerability

Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...

8.3CVSS5.7AI score0.00838EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/03/20 10:57 p.m.5 views

CVE-2026-33210

Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...

9.1CVSS6AI score0.00838EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

JSON implementation for Ruby 格式化字符串错误漏洞

JSON Implementation for Ruby is a open-source Ruby implementation of JSON. There were formatting string error vulnerabilities in versions prior to Ruby 2.15.2.1, Ruby 2.17.1.2, and Ruby 2.19.2. These vulnerabilities stem from format string injection when using the allowduplicatekey: false parsing...

9.1CVSS6.4AI score0.00838EPSS
Exploits0References3
OSV
OSV
added 2026/03/19 12:45 p.m.4 views

GHSA-3M6G-2423-7CP3 Ruby JSON has a format string injection vulnerability

Impact A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user supplied documents. This option isn't the default, if you didn't opt-in to use it, you are not impacted...

8.3CVSS5.8AI score0.00838EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/19 12:45 p.m.6 views

Ruby JSON has a format string injection vulnerability

Impact A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user supplied documents. This option isn't the default, if you didn't opt-in to use it, you are not impacted...

9.1CVSS5.8AI score0.00838EPSS
Exploits0References4Affected Software1
RubySec
RubySec
added 2026/03/19 12:0 a.m.15 views

Ruby JSON has a format string injection vulnerability

Impact A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user supplied documents. This option isn't the default, if you didn't opt-in to use it, you are not impacted...

9.1CVSS5.8AI score0.00838EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.4 views

PT-2026-26298

Name of the Vulnerable Software and Affected Versions Ruby JSON versions 2.14.0 through 2.15.2 Ruby JSON versions 2.17.1 through 2.17.1.2 Ruby JSON versions 2.19.0 through 2.19.2 Description Ruby JSON is a JSON implementation for Ruby. A format string injection issue exists when the allow duplica...

9.8CVSS5.8AI score0.00868EPSS
Exploits2References87
RedhatCVE
RedhatCVE
added 2026/01/21 9:26 p.m.6 views

CVE-2026-21640

HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...

2.7CVSS5.5AI score0.0021EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 9:16 p.m.5 views

CVE-2026-21640

HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...

2.7CVSS5.8AI score0.0021EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 9:16 p.m.6 views

CVE-2026-21640

HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...

2.7CVSS0.0021EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 8:48 p.m.2 views

CVE-2026-21640

HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...

2.7CVSS5.5AI score0.0021EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/01/20 8:48 p.m.18 views

CVE-2026-21640

HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...

2.7CVSS0.0021EPSS
Exploits0References1
CVE
CVE
added 2026/01/20 8:48 p.m.14 views

CVE-2026-21640

The CVE-2026-21640 entry describes an INI format-string injection in Revive Adserver settings that can crash the admin console with a fatal PHP error when certain character sequences are used. The issue is reported for Revive Adserver (with a referenced 6.0.4 context in the HackerOne report). Roo...

2.7CVSS5.5AI score0.0021EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/20 8:48 p.m.3 views

CVE-2026-21640

HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...

2.7CVSS5.5AI score0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.7 views

Revive Adserver security vulnerability

Revive Adserver is a set of open-source advertising management systems developed by the Revive Adserver team. This system offers functions such as advertising placement, ad slot management, and data statistics. There is a security vulnerability in Revive Adserver; this vulnerability stems from...

2.7CVSS5.8AI score0.0021EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.10 views

PT-2026-3657

HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...

2.7CVSS5.5AI score0.0021EPSS
Exploits0References2
Rows per page
Query Builder