CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

CVE-2026-44375

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

7.5CVSS5.6AI score0.00055EPSS

Exploits0References1

NVD•added 2026/05/14 3:16 p.m.•7 views

CVE-2026-44375

7.5CVSS0.00055EPSS

Exploits0References4

EUVD•added 2026/05/14 2:32 p.m.•6 views

EUVD-2026-30299

7.5CVSS5.9AI score0.00055EPSS

Exploits0References4

CVE•added 2026/05/14 2:32 p.m.•6 views

CVE-2026-44375

The CVE-2026-44375 entry affects Nerdbank.MessagePack. The vulnerability arises in DateTime decoding where the reader can be fed a malicious MessagePack payload declaring an oversized timestamp extension length, enabling an attacker-controlled amount of stack memory to be allocated via stackalloc...

7.5CVSS5.9AI score0.00055EPSS

Exploits0References4

Vulnrichment•added 2026/05/14 2:32 p.m.•4 views

CVE-2026-44375 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

7.5CVSS5.9AI score0.00055EPSS

Exploits0References4

ATTACKERKB•added 2026/05/14 2:32 p.m.•3 views

CVE-2026-44375

7.5CVSS5.9AI score0.00055EPSS

Exploits0References5Affected Software1

Positive Technologies•added 2026/05/06 12:0 a.m.•4 views

PT-2026-38312

Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a...

7.5CVSS5.9AI score0.00055EPSS

Exploits0References8

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by