323 matches found
GHSA-2X79-GWQ3-VXXM Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem
Summary fiojsonparse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100% instead of returning a parse error. Because iodine vendors the same parser code, the issue also affects iodine when it parses...
Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem
Summary fiojsonparse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100% instead of returning a parse error. Because iodine vendors the same parser code, the issue also affects iodine when it parses...
Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem
Summary fiojsonparse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100 instead of returning a parse error. Because iodine gem vendors the same parser code, the issue also affects iodine gem when it...
CVE-2026-39979
jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jvparsesized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jvstringfmt, which reads until a NUL terminat...
EUVD-2026-22128
jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jvparsesized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jvstringfmt, which reads until a NUL terminat...
CVE-2026-39979
jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jvparsesized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jvstringfmt, which reads until a NUL terminat...
CVE-2026-5011
A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...
EUVD-2026-16942
A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...
CVE-2026-5011
A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...
CVE-2026-5011 elecV2 elecV2P JSON webhook runJSFile code injection
A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...
CVE-2026-5011
CVE-2026-5011 affects elecV2 elecV2P up to version 3.8.3. The vulnerability resides in the JSON Parser component, specifically the runJSFile function in the /webhook file. Manipulating the argument rawcode can lead to code injection, enabling remote exploitation. Public exploit exists and may be ...
CVE-2026-5011
A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...
CVE-2026-5011 elecV2 elecV2P JSON webhook runJSFile code injection
A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...
PT-2026-28725
Name of the Vulnerable Software and Affected Versions elecV2 versions prior to 3.8.4 Description A code injection issue exists in the JSON Parser component due to manipulation of the rawcode argument within the runJSFile function of the /webhook file. Remote exploitation is possible. The project...
Linux Distros Unpatched Vulnerability : CVE-2026-33228
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direc...
CVE-2026-25790
Wazuh CVE-2026-25790 affects the Security Configuration Assessment (SCA) decoder in wazuh-analysisd, with stack-based buffer overflows from using sprintf(value, "%lf", …) into a fixed 128-byte buffer. The vulnerability exists in multiple locations within /src/analysisd/decoders/security_configura...
CVE-2026-25790 Wazuh has Stack-Based Buffer Overflow in Security Configuration Assessment JSON Parser
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the Security Configuration Assessment SCA decoder wazuh-analysisd. The use of sprintf with a...
CVE-2026-32141
flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...
Linux Distros Unpatched Vulnerability : CVE-2026-29062
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-core contains core low-level incremental streaming parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before versio...
CVE-2026-29062
jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constrai...