Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

34034 matches found

CVE
CVEadded 2026/05/11 5:16 p.m.15 views

CVE-2026-40612

CVE-2026-40612 affects jq (1.8.1 and earlier). The root cause is an unbounded recursion in the function jv_contains that recurses into nested arrays/objects with no depth limit, eventually exhausting the C stack when presented with a deeply nested input (constructed programmatically with reduce, ...

6.8CVSS5.8AI score0.00161EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2026/05/11 5:16 p.m.42 views

CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains

jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure built programmatically with reduce, since the JSON parser caps at depth 10000, the C stack is exhausted...

6.8CVSS0.00161EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/05/11 5:14 p.m.4 views

CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)

jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...

7.3CVSS5.8AI score0.00142EPSS
Exploits1References1
EUVD
EUVDadded 2026/05/11 5:14 p.m.8 views

EUVD-2026-29163

jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...

7.3CVSS5.8AI score0.00142EPSS
Exploits1References1
CVE
CVEadded 2026/05/11 5:14 p.m.13 views

CVE-2026-41257

The CVE concerns jq (1.8.1 and earlier) where the bytecode VM’s data stack uses a signed int to track allocation size. When the stack grows beyond ~1 GiB (e.g., via deeply nested generator forks), the doubling arithmetic overflows, causing the wrapped value to be passed to realloc and then used f...

7.3CVSS5.8AI score0.00142EPSS
Exploits1References1Affected Software1
AlpineLinux
AlpineLinuxadded 2026/05/11 5:14 p.m.9 views

CVE-2026-41257

jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...

7.3CVSS5.8AI score0.00142EPSS
Exploits1References1
SUSE CVE
SUSE CVEadded 2026/05/11 2:16 p.m.10 views

SUSE CVE-2026-8258

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

5.3CVSS6AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2026/05/11 2:13 p.m.21 views

SUSE CVE-2026-43380

In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbus/q54sj108a2 fix stack overflow in debugfs read The q54sj108a2debugfsread function suffers from a stack buffer overflow due to incorrect arguments passed to bin2hex. The function currently passes 'data' as the...

7.8CVSS6AI score0.00143EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/11 3:31 a.m.10 views

EUVD-2026-29014

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

5.3CVSS6.2AI score0.00123EPSS
Exploits0References6
NVD
NVDadded 2026/05/11 2:16 a.m.13 views

CVE-2026-8258

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

5.3CVSS0.00123EPSS
Exploits0References5
OSV
OSVadded 2026/05/11 2:16 a.m.3 views

DEBIAN-CVE-2026-8258

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

4.8CVSS6.2AI score0.00123EPSS
Exploits0References1
Snyk
Snykadded 2026/05/11 2:13 a.m.7 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the validateformat function. An attacker can execute arbitrary code or cause a denial of service by providing specially crafted input that triggers a stack-based buffer overflow. Remediation A fix was push...

5.3CVSS6.7AI score0.00123EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/11 12:45 a.m.4 views

CVE-2026-8258

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

5.3CVSS6.2AI score0.00123EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/11 12:45 a.m.48 views

CVE-2026-8258 Squirrel sqstdstring.cpp validate_format stack-based overflow

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

5.3CVSS0.00123EPSS
Exploits0References5
CVE
CVEadded 2026/05/11 12:45 a.m.26 views

CVE-2026-8258

CVE-2026-8258 affects Squirrel (up to 3.2), specifically the validate_format function in sqstdlib/sqstdstring.cpp, which can cause a stack-based buffer overflow via local manipulation. The vulnerability is local-exploitable; an exploit has been published and may be used. No remediation details ar...

5.3CVSS6.2AI score0.00123EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/05/11 12:45 a.m.5 views

CVE-2026-8258 Squirrel sqstdstring.cpp validate_format stack-based overflow

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

5.3CVSS6.2AI score0.00123EPSS
Exploits0References5
Debian CVE
Debian CVEadded 2026/05/11 12:45 a.m.4 views

CVE-2026-8258

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

5.3CVSS6.2AI score0.00123EPSS
Exploits0
CNNVD
CNNVDadded 2026/05/11 12:0 a.m.6 views

SQUIRREL 缓冲区错误漏洞

SQUIRREL is a programming language developed by Alberto Demichelis. It is the stable version of SQUIRREL 3.2. Versions of SQUIRREL 3.2 and earlier had a buffer error vulnerability, which stemmed from a stack buffer overflow in the validateformat function within the sqstdlib/sqstdstring.cpp librar...

5.3CVSS6.3AI score0.00123EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/05/11 12:0 a.m.6 views

jq 输入验证错误漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from the use of signed integers for the stack allocation size in the jq bytecode virtual machine. Wh...

7.3CVSS5.8AI score0.00142EPSS
Exploits1References1
Tenable Nessus
Tenable Nessusadded 2026/05/11 12:0 a.m.7 views

Unity Linux 20.1070e Security Update: opensc (UTSA-2026-017704)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017704 advisory. The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in scpkcs15emugemsafeGPKinit. Tenable has extracted the...

5.5CVSS6AI score0.00396EPSS
Exploits0References4
Rows per page
Query Builder