CVE-2026-25790 Wazuh has Stack-Based Buffer Overflow in Security Configuration Assessment JSON Parser
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the Security Configuration Assessment (SCA) decoder (wazuh-analysisd). The use of sprintf with a...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the JsonBeanPropertyBinder::expandArrayToThreshold function of the form-urlencoded body binding process. An attacker can cause sustained CPU usage and unbounded memory growth,...
io.micronaut.aws:micronaut-aws-alexa (=5.0.0-M1), io.micronaut.aws:micronaut-aws-alexa-httpserver (=5.0.0-M1) +72 more potentially affected by CVE-2026-33013 via io.micronaut:micronaut-json-core (>=5.0.0-M1 <=5.0.0-M13)
io.micronaut:micronaut-json-core MAVEN version =5.0.0-M1, =5.0.0-M13 is affected by a known vulnerability. The following packages have a transitive dependency on io.micronaut:micronaut-json-core and may be impacted: - io.micronaut.aws:micronaut-aws-alexa =5.0.0-M1 -...
GHSA-43W5-MMXV-CPVH Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices
JsonBeanPropertyBinder::expandArrayToThreshold in io.micronaut:micronaut-json-core before Micronaut 4 version 4.10.16 and before Micronaut 3 version 3.10.5 does not correctly handle descending array index order during form-urlencoded body binding, which allows remote attackers to cause a denial of service...
com.c0x12c:module-ai-image (>=0.12.0 <=0.13.4), com.c0x12c:module-ai-module-impl (>=0.5.0 <=0.13.4) +361 more potentially affected by CVE-2026-33013 via io.micronaut:micronaut-json-core (>=4.0.0-M1 <=4.10.15)
io.micronaut:micronaut-json-core MAVEN version =4.0.0-M1, =0.12.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.10.0, =0.8.0, =0.5.0, =0.2.15, =1.15.0.516, =0.0.41, =3.2.0, =3.5.0 and more Source cves: CVE-2026-33013 Source advisory: OSV:GHSA-43W5-MMXV-CPVH...
com.agorapulse:gru-micronaut (=1.4.0), com.bertramlabs.plugins:asset-pipeline-grails (>=4.5.0 <=4.5.2) +88 more potentially affected by CVE-2026-33013 via io.micronaut:micronaut-json-core (>=3.10.0 <=3.10.4)
io.micronaut:micronaut-json-core MAVEN version =3.10.0, =4.5.0, =0.1.0, =6.0.9, =1.2.1, =0.12.0, =0.12.0, =0.12.0, =0.12.0, =0.12.0, =0.14.4 and more Source cves: CVE-2026-33013 Source advisory: SNYK:JAVA-IOMICRONAUT-15682607...
com.c0x12c:module-ai-image (>=0.12.0 <=0.13.4), com.c0x12c:module-ai-module-impl (>=0.5.0 <=0.13.4) +361 more potentially affected by CVE-2026-33013 via io.micronaut:micronaut-json-core (>=4.0.0-M1 <=4.10.15)
io.micronaut:micronaut-json-core MAVEN version =4.0.0-M1, =0.12.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.10.0, =0.8.0, =0.5.0, =0.2.15, =1.15.0.516, =0.0.41, =3.2.0, =3.5.0 and more Source cves: CVE-2026-33013 Source advisory: SNYK:JAVA-IOMICRONAUT-15682607...
SUSE CVE-2026-27962
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any...
SUSE CVE-2026-28490
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management algorithm. Authlib registe...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection in the MariaDBFilterExpressionConverter, which allows attackers to bypass metadata-based access controls and execute SQL statements with malicious JSON_VALUE input. Remediation Upgrade...
EulerOS 2.0 SP11 : haproxy (EulerOS-SA-2026-1580)
According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON...
Improper Verification of Cryptographic Signature
Overview Authlib is a library for building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the JsonWebSignature._prepare_algorithm_key method in authlib/jose/rfc7515/jws.py. An attacker can bypass authenticatio...
GO-2026-4514 Denial of service in github.com/buger/jsonparser
The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...
MAL-2026-1482 Malicious code in chacha-lite-encrypt (PyPI)
--- Per source details. Do not edit below this line. Source: kam193 (705b86da323a21b157504bf4833b60c8aa90a57d6db5111716afe31c114b6c1d). During import, the package decrypts and runs a malicious executable. The executable is hidden in an encoded and XORed form in the JSON resource file. This is a...
CVE-2026-28490
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. This cryptographic padding oracle vulnerability, affecting the JSON Web Encryption (JWE) RSA1_5 key management algorithm, could allow a remote attacker to decrypt sensitive information. The vulnerability...
CVE-2026-27962
A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creati...
CVE-2026-27962
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any...
UBUNTU-CVE-2026-27962
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any...
UBUNTU-CVE-2026-28490
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management algorithm. Authlib registe...