
94 matches found

Debian CVE
added 3 days ago, 4 views

CVE-2026-54898

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1 CVSS, 5.9 AI score, 0.00117 EPSS
Exploits: 0

Tenable Nessus
added 5 days ago, 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53172

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/ethosu: fix IFM region index out-of-bounds in command stream parser NPUSETIFMREGION extracts the region index with param & 0x7f, giving a maximum value o...

7.8 CVSS, 5.8 AI score, 0.00129 EPSS
Exploits: 0, References: 2

Github Security Blog
added 2026/06/19 8:47 p.m., 7 views

Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling

Summary Oj::Parserparse in usual mode with createid enabled is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer truncation in formattr usual.c:63 converts the length to -1 before passing it to memcpy. This causes memcpy to...

6.3 CVSS, 5.9 AI score, 0.00253 EPSS
Exploits: 0, References: 2, Affected Software: 1

GithubExploit
added 2026/06/16 8:52 a.m., 92 views

objdump-dlx-calc-poc

objdump dlx calc poc Small repro for an objdump -g crash-to...

5.3 AI score
Exploits: 0

FreeBSD
added 2026/06/12 12:0 a.m., 5 views

gstreamer1 -- multiple vulnerabilities

The GStreamer project reports: Multiple security issues were identified and fixed in the GStreamer framework. GStreamer-SA-2026-0030: Missing bounds checks in RTCP SDES packet parsing GStreamer-SA-2026-0031: Integer overflow and truncation in MXF demuxer GStreamer-SA-2026-0032: Out-of-bounds read...

8.8 CVSS, 5.9 AI score, 0.00489 EPSS
Exploits: 0, References: 17

Cvelist
added 2026/06/05 4:9 p.m., 39 views

CVE-2026-48111 GHSL-2026-121 7-Zip UEFI DEPEX OOB Read

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression function of the UEFI firmware image parser CPP/7zip/Archive/UefiHandler.cpp. The function validates an attacker-controlled opco...

4.3 CVSS, 0.00225 EPSS
Exploits: 1, References: 1

EUVD
added 2026/06/04 2:34 p.m., 10 views

EUVD-2026-34287

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

5.4 CVSS, 5.8 AI score, 0.00202 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/06/02 12:0 a.m., 8 views

CVE-2026-48682

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simplepacketparserng.cpp, after validating that the packet contains at least sizeofipv4headert bytes 20 bytes, the code advances the localpointer by '4 ipv4header-getihl' line 164 without...

5.9 AI score, 0.00267 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2026/05/16 12:0 a.m., 14 views

openSUSE 16 Security Update : apptainer (openSUSE-SU-2026:20730-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20730-1 advisory. Changes in apptainer: - Fix CVE-2026-34986 bsc1262956 github.com/go-jose/go-jose/[email protected] CVE-2026-33186 GO-2026-4762 bsc1260311...

9.9 CVSS, 7.3 AI score, 0.91969 EPSS
Exploits: 8, References: 55

Github Security Blog
added 2026/05/08 10:56 p.m., 14 views

free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types

Summary free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/apiaccesstoken.go reflects over models.NrfAccessTokenAccessTokenReq, special-cases only plain string and NrfNfManagementNfType fields, and treats every...

7.5 CVSS, 5.8 AI score, 0.00394 EPSS
Exploits: 1, References: 6, Affected Software: 1

OSV
added 2026/05/08 10:56 p.m., 8 views

GHSA-F8QV-7X5W-QR48 free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types

Summary free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/apiaccesstoken.go reflects over models.NrfAccessTokenAccessTokenReq, special-cases only plain string and NrfNfManagementNfType fields, and treats every...

7.5 CVSS, 5.8 AI score, 0.00394 EPSS
Exploits: 1, References: 6

ATTACKERKB
added 2026/05/08 7:15 a.m., 7 views

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

2.9 CVSS, 5.8 AI score, 0.00211 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2026/05/08 7:15 a.m., 9 views

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

2.9 CVSS, 5.8 AI score, 0.00211 EPSS
Exploits: 0, References: 1

OSV
added 2026/05/08 5:47 a.m., 6 views

BIT-JRE-2025-47219

In GStreamer through 1.26.1, the isomp4 plugin's qtdemuxparsetrak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure...

8.1 CVSS, 5.9 AI score, 0.00578 EPSS
Exploits: 1, References: 4

Positive Technologies
added 2026/05/08 12:0 a.m., 13 views

PT-2026-39255

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The NRF root SBI endpoint "POST /oauth2/token" contains a parser-level type-confusion bug. The handler in NFs/nrf/internal/sbi/api accesstoken.go uses reflection over...

7.5 CVSS, 5.8 AI score, 0.00394 EPSS
Exploits: 1, References: 8

SUSE Linux
added 2026/05/07 11:53 a.m., 7 views

Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: CVE-2026-2332: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques bsc1262115. CVE-2026-5795: Fixed JaspiAuthenticator broken access control...

9.1 CVSS, 5.8 AI score, 0.01127 EPSS
Exploits: 1, References: 8

Snyk
added 2026/05/05 5:24 p.m., 10 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion through unbounded recursion in the Parser process. An attacker can cause process termination and denial of service by submitting a specially crafted, deeply nested input that exhausts the stack and triggers a...

8.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Cvelist
added 2026/04/29 6:52 p.m., 37 views

CVE-2026-7425 Out-of-Bounds Read in Router Advertisement Option Parser in FreeRTOS-Plus-TCP

Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service device crash by sending a crafted Router Advertisement with a truncated PREFIXINFORMATION option that is smalle...

6.5 CVSS, 0.00233 EPSS
Exploits: 0, References: 4

EUVD
added 2026/04/29 6:51 p.m., 5 views

EUVD-2026-26277

Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service permanent IP task freeze requiring hardware reset ...

8.1 CVSS, 5.3 AI score, 0.00223 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/04/20 12:0 a.m., 12 views

PT-2026-33733

A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse openai plugin json to tool bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery...

6.5 CVSS, 6.1 AI score, 0.00206 EPSS
Exploits: 0, References: 5