Lucene search
K

2855 matches found

UbuntuCve
UbuntuCve
added 2026/05/11 6:16 p.m.9 views

CVE-2026-43896

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References2
OSV
OSV
added 2026/05/11 6:16 p.m.6 views

UBUNTU-CVE-2026-43896

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/11 5:24 p.m.43 views

CVE-2026-43896 jq: Stack Overflow in Recursive Object Merge

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

6.2CVSS0.00154EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/11 5:24 p.m.13 views

EUVD-2026-29174

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 5:24 p.m.10 views

CVE-2026-43896

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/11 5:24 p.m.28 views

CVE-2026-43896

CVE-2026-43896 (jq) : In jq versions 1.8.1 and earlier, unbounded recursion in the function jv_object_merge_recursive() can cause a crafted jq program to crash the process with a segfault when using the object operator (*) on two objects. Affected component is the jq JSON processor; the vulnerabi...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/11 5:24 p.m.11 views

CVE-2026-43896

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References1
OSV
OSV
added 2026/05/11 4:10 p.m.3 views

GHSA-MHWJ-73QX-JQXM @theecryptochad/merge-guard has Prototype Pollution in its deepMerge() function

Summary @theecryptochad/merge-guard versions prior to 1.0.1 are vulnerable to Prototype Pollution via the deepMerge function. An attacker who controls the source object can inject proto keys that mutate Object.prototype, affecting all objects in the Node.js runtime. Details The deepMerge function...

7.5CVSS5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/11 4:10 p.m.13 views

@theecryptochad/merge-guard has Prototype Pollution in its deepMerge() function

Summary @theecryptochad/merge-guard versions prior to 1.0.1 are vulnerable to Prototype Pollution via the deepMerge function. An attacker who controls the source object can inject proto keys that mutate Object.prototype, affecting all objects in the Node.js runtime. Details The deepMerge function...

5.9AI score
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/11 4:30 a.m.71 views

CVE-2026-8273 D-Link DNS-320 system_mgr.cgi cgi_merge_user os command injection

A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgisethost/cgisetntp/cgifancontrol/cgimergeuser of the file /cgi-bin/systemmgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely...

5.8CVSS0.04544EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:30 a.m.9 views

CVE-2026-8273

A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgisethost/cgisetntp/cgifancontrol/cgimergeuser of the file /cgi-bin/systemmgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely...

5.8CVSS5.7AI score0.04544EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 4:30 a.m.8 views

CVE-2026-8273 D-Link DNS-320 system_mgr.cgi cgi_merge_user os command injection

A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgisethost/cgisetntp/cgifancontrol/cgimergeuser of the file /cgi-bin/systemmgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely...

5.8CVSS5.7AI score0.04544EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

jq 安全漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier have security vulnerabilities; these vulnerabilities stem from unbounded recursion in jvobjectmergerecursive. This recursion allows malicious programs to cause program crashes with...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.26 views

PT-2026-39572

A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi set host/cgi set ntp/cgi fan control/cgi merge user of the file /cgi-bin/system mgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely...

5.8CVSS5.7AI score0.04544EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-43896

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a...

6.2CVSS5.5AI score0.00154EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/09 2:25 a.m.6 views

CVE-2026-7652 LatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery Mechanism

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...

5.3CVSS5.8AI score0.00719EPSS
Exploits0References15
Cvelist
Cvelist
added 2026/05/09 2:25 a.m.57 views

CVE-2026-7652 LatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery Mechanism

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...

5.3CVSS0.00719EPSS
Exploits0References15
EUVD
EUVD
added 2026/05/09 2:25 a.m.11 views

EUVD-2026-28881

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...

5.3CVSS5.8AI score0.00719EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/05/09 2:25 a.m.7 views

CVE-2026-7652

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...

5.3CVSS5.8AI score0.00719EPSS
Exploits0References16
CVE
CVE
added 2026/05/08 2:40 p.m.27 views

CVE-2026-41574

CVE-2026-41574 affects Nhost’s OAuth linking logic in the Go controller. The defect stems from trusting a provider’s EmailVerified flag when linking an incoming OAuth identity to an existing account. Several providers (Discord, Bitbucket, AzureAD, EntraID) either do not populate or misreport emai...

9.8CVSS5.8AI score0.00809EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder