298 matches found
CVE-2026-39979
jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jv_string_fmt, which reads until a NUL terminat...
EUVD-2026-22128
jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jv_string_fmt, which reads until a NUL terminat...
CVE-2026-5011
A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...
EUVD-2026-16942
A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...
CVE-2026-5011 elecV2 elecV2P JSON webhook runJSFile code injection
A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...
CVE-2026-5011
CVE-2026-5011 affects elecV2 elecV2P up to version 3.8.3. The vulnerability resides in the JSON Parser component, specifically the runJSFile function in the /webhook file. Manipulating the argument rawcode can lead to code injection, enabling remote exploitation. Public exploit exists and may be ...
PT-2026-28725
Name of the Vulnerable Software and Affected Versions: elecV2 versions prior to 3.8.4. Description: A code injection issue exists in the JSON Parser component due to manipulation of the rawcode argument within the runJSFile function of the /webhook file. Remote exploitation is possible. The project...
Linux Distros Unpatched Vulnerability : CVE-2026-33228
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direc...
CVE-2026-25790 Wazuh has Stack-Based Buffer Overflow in Security Configuration Assessment JSON Parser
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the Security Configuration Assessment (SCA) decoder (wazuh-analysisd). The use of sprintf with a...
CVE-2026-25790
CVE-2026-25790 affects Wazuh prior to 4.14.3 (from 3.9.0 up to but excluding 4.14.3). The issue is a stack-based buffer overflow in the Security Configuration Assessment (SCA) decoder used by wazuh-analysisd, caused by unbounded use of sprintf with a floating-point value into a 128-byte stack buf...
CVE-2026-32141
flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...
Linux Distros Unpatched Vulnerability : CVE-2026-29062
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-core contains core low-level incremental streaming parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before versio...
CVE-2026-29062
jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constrai...
GHSA-6V53-7C9G-W56R jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion
Summary: The UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constraint (default: 500) defined in StreamReadConstraints. A similar issue was found in ReaderBasedJsonParser. This allows a user to supply a JSON document with excessive...
jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion
Summary: The UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constraint (default: 500) defined in StreamReadConstraints. A similar issue was found in ReaderBasedJsonParser. This allows a user to supply a JSON document with excessive...
Malicious Package
Overview: turbo-json-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...