Lucene search
K

224 matches found

OSV
OSV
added 2026/06/25 6:46 p.m.5 views

GHSA-VH6J-JC39-FGGF MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth

Summary MessagePackReader.TrySkip recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses MessagePackSecurity.MaximumObjectGraphDepth, the library's documented protection against deeply nested object graphs. Many...

7.5CVSS5.9AI score0.00275EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 10:16 p.m.7 views

CVE-2026-48506

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses MessagePackSecurity.MaximumObjectGraphDepth, the...

7.5CVSS0.00275EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:18 p.m.3 views

CVE-2026-48502

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime can allocate stack memory based on an attacker-controlled MessagePack extension length. In the slow path for timestamp extension parsing, the computed tokenSize includes the extension...

8.2CVSS5.9AI score0.00255EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 9:14 p.m.25 views

CVE-2026-48512 MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. These paths are in the JSON conversion component rather than normal typed MessagePack...

6.3CVSS0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51392

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The MessagePackReader.TrySkip function recursively descends into nested arrays and maps without incrementing the reader depth or triggering...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References7
NVD
NVD
added 2026/06/10 12:16 a.m.13 views

CVE-2026-41711

Applications using Spring Data Commons may be vulnerable to a Denial of Service DoS attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through...

5.9CVSS0.0028EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 2:32 p.m.8 views

CVE-2026-44375 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

7.5CVSS5.9AI score0.00358EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/14 2:32 p.m.90 views

CVE-2026-44375 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

7.5CVSS0.00358EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/06 11:5 p.m.10 views

Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a...

7.5CVSS5.9AI score0.00358EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/05/06 11:5 p.m.71 views

GHSA-2CWQ-PWFR-WCW3 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a...

7.5CVSS5.9AI score0.00358EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.15 views

Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1617)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1617 advisory. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, a...

9.1CVSS5.9AI score0.00621EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.6 views

tinyobjloader 安全漏洞

tinyobjloader is an application developed by Dan Kiyochi. There is a security vulnerability in tinyobjloader, which stems from the experimental/tinyobjloaderopt.h file containing a stack overflow issue, potentially leading to denial-of-service attacks...

6.2CVSS5.8AI score0.00173EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/11/10 8:47 p.m.11 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.7CVSS6.8AI score0.02772EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-8748

Malware in sbrugna...

9.8CVSS9.2AI score0.03945EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-28482

Malicious code in bioql PyPI...

8.7CVSS7AI score0.00634EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-1319

Malicious code in bioql PyPI...

7.5CVSS7.2AI score0.0486EPSS
Exploits1References40
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-1914

Malicious code in bioql PyPI...

4.9CVSS5AI score0.00529EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-6839

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.01025EPSS
Exploits1References18
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-10263

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.00549EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/09/11 7:39 p.m.5 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.12 security update

A new security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This upda...

8.7CVSS6.9AI score0.00634EPSS
Exploits0References2
Rows per page
Query Builder