JLSEC-2026-507

LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parserselectors.cpp...

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

avalon-filter-rce

Title: Prototype Escape and Remote Code Execution in RubyLouv...

CVE-2024-13971

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

CVE-2024-39847

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

sec-recon-agent

sec-recon-agent Type-safe security triage built on Pydantic A...

PT-2026-41681

OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format CPF parser, specifically in CreateCommonPacketFormatStructure in source/src/enet encap/cpf.c. A crafted ENIP/CPF message can supply an attacker-controlled item count value that is not consistently...

lwip 缓冲区错误漏洞

lwIP is an open-source implementation of the TCP/IP protocol stack developed by lwIP Developers. Versions of lwIP 2.2.1 and earlier contained a buffer error vulnerability. This vulnerability originated from the function snmpparseinboundframe in the SNMPv3 USM Handler component. The operation of t...

CVE-2026-38719

OpENer 2.3-558-g1e99582 contains an out-of-bounds read in the CPF parser (CreateCommonPacketFormatStructure() in source/src/enet_encap/cpf.c). A crafted ENIP/CPF message can supply an attacker-controlled item_count that is not consistently validated against the remaining data_length of the CPF sl...

CVE-2026-38719

OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format CPF parser, specifically in CreateCommonPacketFormatStructure in source/src/enetencap/cpf.c. A crafted ENIP/CPF message can supply an attacker-controlled itemcount value that is not consistently...

PT-2026-41791

Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions 0.7.0 through 0.8.x Description An integer overflow exists in the memcached text protocol parser of OpenTelemetry eBPF Instrumentation OBI. When parsing memcached storage commands such as set, add,...

Security Bulletin: IBM SPSS Modeler is affected by a jackson-core async parser DoS vulnerability (WS-2026-0003)

Summary IBM SPSS Modeler is affected by a jackson-core async parser DoS vulnerability WS-2026-0003. This has been addressed in the remediation section. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint...

CVE-2026-8735 Oinone Pamirs appConfigQuery PamirsParserConfig.java JsonUtils.parseMap deserialization

A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit is publicly availab...

CVE-2026-8735 Oinone Pamirs appConfigQuery PamirsParserConfig.java JsonUtils.parseMap deserialization

A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit is publicly availab...

CVE-2026-8735

A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit is publicly availab...

CVE-2026-8728 Open5GS NRF conv.c ogs_sbi_discovery_option_parse_plmn_list denial of service

A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogssbidiscoveryoptionparseplmnlist in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argument target-plmn-list leads to denial of service. The attack can be executed...

CVE-2026-8728 Open5GS NRF conv.c ogs_sbi_discovery_option_parse_plmn_list denial of service

A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogssbidiscoveryoptionparseplmnlist in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argument target-plmn-list leads to denial of service. The attack can be executed...

PT-2026-41520

A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit is publicly availab...

DataEase 注入漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. Version 2.10.20 of DataEase contains a injection vulnerability. This...