Lucene search
K

35 matches found

NVD
NVD
added 6 hours ago5 views

CVE-2026-9563

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memo...

7.5CVSS
Exploits0References5
Cvelist
Cvelist
added 7 hours ago7 views

CVE-2026-9563

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memo...

7.5CVSS
Exploits0References5
CVE
CVE
added 7 hours ago8 views

CVE-2026-9563

Eclipse Parsson JSON parser did not enforce a default maximum on parsed characters before 1.1.8, allowing DoS from attacker-controlled JSON via very large documents. The fixed version, Parsson 1.1.8, adds a configurable limit with a default of 15 million parser-consumed characters. Affected: Ecli...

7.5CVSS5.8AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added 7 hours ago5 views

CVE-2026-9563

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memo...

7.5CVSS5.8AI score
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/27 9:33 p.m.55 views

GHSA-C2P3-7M5P-CV8X Symfony hardened the parser when handling untrusted input

Description Symfony\Component\Yaml\Parser is the entry point for parsing YAML strings into PHP values via Yaml::parse. When the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and inline Inline::parseSequence /...

6.9CVSS5.8AI score0.00089EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-39825

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses...

5.3CVSS5.9AI score0.0039EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/05/07 7:41 p.m.6 views

CVE-2026-39825

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

5.3CVSS5.8AI score0.0039EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/02 5:56 p.m.7 views

Security Bulletin: Rational Performance Tester contains vulnerabilities which could result in a potential denial of service

Summary Due to the use of the Jackson Data Processor, Rational Performance Tester contains vulnerabilities could result in a potentail denial of service attack. CVE-2025-52999, CVE-2022-0468 Vulnerability Details CVEID:CVE-2025-52999 DESCRIPTION: jackson-core contains core low-level incremental...

8.8CVSS6.9AI score0.007EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/12/15 12:0 a.m.6 views

SUSE SLED15: libpython3_6m1_0 / libpython3_6m1_0-32bit / python3 / python3-base / etc (SUSE-SU-2025:02778-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02778-1 advisory. - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler...

9.4CVSS7AI score0.01184EPSS
Exploits14References28
OSV
OSV
added 2025/12/12 12:20 p.m.5 views

OESA-2025-2828 golang security update

. Security Fixes: The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses...

7.5CVSS6.9AI score0.00626EPSS
Exploits0References5
OSV
OSV
added 2025/12/12 12:20 p.m.2 views

OESA-2025-2826 golang security update

. Security Fixes: The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses...

5.3CVSS6.8AI score0.00534EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.4 views

Servify Express 资源管理错误漏洞

Servify Express is an express parcel form server by the individual developer Aaron doran. A resource management error vulnerability exists in Servify Express versions prior to 1.2 that stems from the Express server not setting a JSON parsing size limit, which could lead to a denial of service...

8.7CVSS6.3AI score0.00346EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.7 views

TencentOS Server 4: golang (TSSA-2024:0626)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0626 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

7.8CVSS7.4AI score0.91969EPSS
Exploits1References9
Amazon
Amazon
added 2025/11/10 12:0 a.m.10 views

Important: oci-add-hooks

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS6.9AI score0.00626EPSS
Exploits0
Amazon
Amazon
added 2025/11/10 12:0 a.m.5 views

Important: golist

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS6.9AI score0.00626EPSS
Exploits0
Amazon
Amazon
added 2025/11/10 12:0 a.m.6 views

Important: docker

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS6.9AI score0.00626EPSS
Exploits0
Amazon
Amazon
added 2025/11/10 12:0 a.m.6 views

Important: golist

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS6.9AI score0.00626EPSS
Exploits0
OSV
OSV
added 2025/11/06 12:58 p.m.1 views

BIT-GOLANG-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...

5.3CVSS6.6AI score0.00534EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2025/10/31 1:6 a.m.3 views

Lack of limit when parsing cookies can cause memory exhaustion in net/http

...

5.3CVSS7AI score0.00534EPSS
Exploits0
Debian CVE
Debian CVE
added 2025/10/29 10:10 p.m.3 views

CVE-2025-58186

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...

5.3CVSS7.8AI score0.00534EPSS
Exploits0
Rows per page
Query Builder