Lucene search
K

3716 matches found

RedhatCVE
RedhatCVE
added 2026/06/30 9:32 p.m.17 views

CVE-2026-54517

A flaw was found in jackson-databind. A remote attacker can exploit this vulnerability due to an issue in how active-view @JsonView filters are applied. Specifically, setterless collections annotated with a restricted @JsonView can be populated from attacker-controlled JSON even when the active...

5.3CVSS5.7AI score0.00237EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/30 9:32 p.m.18 views

CVE-2026-54514

A flaw was found in jackson-databind, a library used for processing JSON data. This vulnerability allows a remote attacker to force the application to perform an attacker-chosen DNS Domain Name System query. This occurs when untrusted JSON input containing specific network address information is...

5.3CVSS5.7AI score0.00219EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/30 9:22 p.m.17 views

CVE-2026-54512

A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass the PolymorphicTypeValidator PTV when polymorphic typing is enabled and a type identifier contains generic parameters. By crafting a malicious type ID, an attacker can place a denied class as a generic typ...

8.1CVSS5.9AI score0.00617EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/06/30 8:50 p.m.20 views

CVE-2026-54515

A flaw was found in jackson-databind. This vulnerability occurs in the data-binding functionality where properties intended to be ignored are incorrectly restored and become writable again. An attacker could potentially exploit this by providing input that modifies data through these supposedly...

5.3CVSS5.6AI score0.00345EPSS
Exploits0References7
OSV
OSV
added 2026/06/27 12:0 a.m.3 views

OPENSUSE-SU-2026:11132-1 jackson-databind-2.18.8-2.1 on GA media

These are all security issues fixed in the jackson-databind-2.18.8-2.1 package on the GA media of openSUSE Tumbleweed...

8.1CVSS5.8AI score0.00617EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 5:3 p.m.3 views

Security Bulletin: Vulnerabilities in jackson-core and UUID might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in jackson-core and UUID. Vulnerabilities include jackson-core will throw a StreamConstraintsException if the limit is reached, vulnerable to a Denial of Service DoS attack and making unexpected writes when...

8.7CVSS5.8AI score0.00634EPSS
Exploits1Affected Software1
Veracode
Veracode
added 2026/06/26 9:30 a.m.7 views

Server-Side Request Forgery

jackson-databind is vulnerable to server-side request forgery SSRF. The vulnerability is due to eager DNS resolution during InetSocketAddress deserialization, where untrusted hostnames are resolved before application-level validation, allowing attackers to trigger arbitrary DNS requests by...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/25 2:19 a.m.8 views

SUSE CVE-2026-54513

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray, without validating th...

8.1CVSS5.8AI score0.00695EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/25 2:19 a.m.10 views

SUSE CVE-2026-54514

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 12:0 a.m.3 views

OPENSUSE-SU-2026:11118-1 jackson-databind-2.18.8-1.1 on GA media

These are all security issues fixed in the jackson-databind-2.18.8-1.1 package on the GA media of openSUSE Tumbleweed...

8.1CVSS5.8AI score0.00695EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/24 8:21 p.m.8 views

CVE-2026-54513

A flaw was found in jackson-databind, a library used for processing data. This vulnerability allows an attacker to bypass security controls designed to validate data types. By sending specially crafted input, an attacker can force the system to process untrusted data, which may lead to the...

8.1CVSS5.9AI score0.00695EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/06/24 2:24 p.m.5 views

WordPress Frisbii Pay plugin <= 1.8.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Denver Jackson in WordPress Plugin Frisbii Pay versions = 1.8.2...

8.8CVSS5.8AI score0.00232EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 6:12 a.m.6 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and ifix. Vulnerability Details CVEID:CVE-2026-1605 DESCRIPTION: In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP...

7.5CVSS5.9AI score0.00625EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-54518

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4,...

6.5CVSS6.1AI score0.00211EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-50193

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13.0 until 2.14.0, a potential...

7.5CVSS6.1AI score0.00616EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-54516

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4,...

5.3CVSS6.1AI score0.00282EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54514

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4,...

5.3CVSS6AI score0.00219EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.40 views

Linux Distros Unpatched Vulnerability : CVE-2026-54515

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, ...

5.3CVSS6AI score0.00345EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-54512

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4,...

8.1CVSS6AI score0.00617EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.50 views

Linux Distros Unpatched Vulnerability : CVE-2026-54513

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4,...

8.1CVSS5.9AI score0.00695EPSS
Exploits0References4
Rows per page
Query Builder