EUVD-2026-29177

jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other...

CVE-2026-44777

jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other...

CVE-2026-43894

jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INTMAX-1 2147483646 digits, the D2U macro overflows during signed-int arithmetic. The wrapped negative value bypasses the heap-allocation size check, causes the function to use a 30-by...

EUVD-2026-29162

jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

CVE-2026-40612

jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure built programmatically with reduce, since the JSON parser caps at depth 10000, the C stack is exhausted...

CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains

jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure built programmatically with reduce, since the JSON parser caps at depth 10000, the C stack is exhausted...

EUVD-2026-29161

jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure built programmatically with reduce, since the JSON parser caps at depth 10000, the C stack is exhausted...

CVE-2026-41257

jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...

EUVD-2026-29163

jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...

GHSA-39QR-RC93-VHQM Bird-lg-go has a Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding

Summary The apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an extremely large, endless JSON payload e.g., several...

CVE-2026-7815

SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...

CVE-2026-42845 Grav: Anonymous Page Content Overwrite via Form File Upload filename Override

The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0 , there is an unauthenticated page-content overwrite via file upload GHSA-w4rc-p66m-x6qq. Public form uploads now strip path components from the POST-supplied filename and hard-block page-content extensions md, yaml...

CVE-2026-7815 pgAdmin 4: SQL injection in Maintenance tool option values leading to remote code execution

SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...

CVE-2026-6093 Corteza 2024.9.8 - SQL Injection in MSSQL JSON-path meta filter via incorrect T-SQL string escaping

Corteza contains a SQL injection vulnerability in its Microsoft SQL Server MSSQL backend when filtering Compose records by the meta field.This issue affects corteza: 2024.9.8...

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

A malicious Hugging Face repository managed to take a spot in the platform's trending list by impersonating OpenAI's Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users. The project, named Open-OSS/privacy-filter, masqueraded as its legitimate counterpart...

Linux Distros Unpatched Vulnerability : CVE-2026-43895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those path...

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.14.1 contain security vulnerabilities. These vulnerabilities stem from the use of default file system permissions for the configuration directory and files of the daemon process. ...

Network-AI 访问控制错误漏洞

Network-AI is a multi-agent orchestration and governance tool developed by Jovan Marinovic. Versions prior to Network-AI 5.1.3 contained an access control vulnerability. This vulnerability stemmed from the lack of authentication, session, source, or token checks for JSON-RPC tool calls transmitte...

PT-2026-39903

Name of the Vulnerable Software and Affected Versions bird-lg-go versions prior to 1.4.5 Description The apiHandler and webHandlerTelegramBot functions process user-provided JSON payloads using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remo...

PT-2026-39724

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's write txt, write csv, write json, and commented-but-shipping scan file helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A...