Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

130 matches found

OSV
OSVadded 2026/05/06 11:5 p.m.3 views

GHSA-2CWQ-PWFR-WCW3 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a...

7.5CVSS5.9AI score0.00055EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 2026/05/06 12:0 a.m.12 views

PT-2026-38312

Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a...

7.5CVSS5.9AI score0.00055EPSS
Exploits0References8
NVD
NVDadded 2026/03/26 8:16 p.m.1 views

CVE-2026-32284

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

7.5CVSS0.00085EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/03/26 7:40 p.m.1 views

CVE-2026-32284

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

6AI score0.00085EPSS
Exploits1References4
Snyk
Snykadded 2026/03/23 6:14 p.m.1 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to improper validation of input in the fixext process. An attacker can cause the application to panic and terminate unexpectedly by sending specially crafted MessagePack data. Remediation There is no fixed version...

8.7CVSS5.9AI score
Exploits0References3
Snyk
Snykadded 2026/03/23 6:14 p.m.1 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to improper validation of input in the fixext process. An attacker can cause the application to panic and terminate unexpectedly by sending specially crafted MessagePack data. Remediation There is no fixed version...

8.7CVSS5.9AI score
Exploits0References3
Snyk
Snykadded 2026/03/23 6:14 p.m.2 views

Out-of-bounds Read

Overview github.com/shamaton/msgpack/v3/internal/decoding is a None Affected versions of this package are vulnerable to Out-of-bounds Read. due to improper validation of input in the fixext process. An attacker can cause the application to panic and terminate unexpectedly by sending specially...

8.7CVSS5.8AI score
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/03/16 10:29 p.m.3 views

CVE-2026-2454

A denial of service flaw has been discovered in mattermost server. Affected versions fail to handle incorrectly reported array lengths which allows malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket messages to calls plugin. Mitigation...

8.6CVSS5.6AI score0.00127EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/03/16 8:10 p.m.2 views

CVE-2026-2454 DoS in Calls plugin via malformed msgpack in websocket request.

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to handle incorrectly reported array lengths which allows malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket messages to calls plugin. Mattermost Advisory ID:...

5.8CVSS5.8AI score0.00127EPSS
Exploits0References1
OSV
OSVadded 2026/03/05 8:16 p.m.9 views

PYSEC-2026-83

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

7.2CVSS5.8AI score0.00332EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/03/05 7:10 p.m.2 views

CVE-2026-28277 LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

6.8CVSS5.8AI score0.00332EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/03/05 12:0 a.m.2 views

PT-2026-23498

Name of the Vulnerable Software and Affected Versions LangGraph versions 1.0.9 and earlier Description LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker gains privileged write access to the checkpoint data store e.g...

7.2CVSS6.5AI score0.00332EPSS
Exploits0References13
Veracode
Veracodeadded 2026/01/07 6:16 a.m.5 views

Denial-of-Service (DoS)

MessagePack for Java is vulnerable to a Denial-Of-Service DoS . The vulnerability is due to unbounded memory allocation during deserialization, where the library trusts attacker-controlled EXT32 payload length metadata and allocates a byte array of that declared size when ExtensionValue.getData i...

7.5CVSS6.6AI score0.00033EPSS
Exploits1References3Affected Software1
OSV
OSVadded 2026/01/05 2:59 p.m.1 views

GHSA-CW39-R4H6-8J3X MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation

Summary Affected Components: org.msgpack.core.MessageUnpacker.readPayload org.msgpack.core.MessageUnpacker.unpackValue org.msgpack.value.ExtensionValue.getData A denial-of-service vulnerability exists in MessagePack for Java when deserializing .msgpack files containing EXT32 objects with...

7.5CVSS5.9AI score0.00033EPSS
Exploits1References5
Github Security Blog
Github Security Blogadded 2026/01/05 2:59 p.m.8 views

MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation

Summary Affected Components: org.msgpack.core.MessageUnpacker.readPayload org.msgpack.core.MessageUnpacker.unpackValue org.msgpack.value.ExtensionValue.getData A denial-of-service vulnerability exists in MessagePack for Java when deserializing .msgpack files containing EXT32 objects with...

7.5CVSS6.6AI score0.00033EPSS
Exploits1References5Affected Software1
EUVD
EUVDadded 2026/01/05 2:59 p.m.3 views

EUVD-2026-0750

MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation...

7.5CVSS6.1AI score0.00033EPSS
Exploits1References4
RedhatCVE
RedhatCVEadded 2026/01/03 9:4 p.m.2 views

CVE-2026-21452

MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...

7.5CVSS6.8AI score0.00033EPSS
Exploits1References1
Tenable Nessus
Tenable Nessusadded 2026/01/03 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-21452

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack...

7.5CVSS6.9AI score0.00033EPSS
Exploits1References3
OSV
OSVadded 2026/01/02 9:16 p.m.1 views

DEBIAN-CVE-2026-21452

MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...

7.5CVSS7.8AI score0.00033EPSS
Exploits1References1
NVD
NVDadded 2026/01/02 9:16 p.m.4 views

CVE-2026-21452

MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...

7.5CVSS0.00033EPSS
Exploits1References3
Rows per page
Query Builder