Lucene search
K

47 matches found

CVE
CVE
added 2026/03/19 10:1 p.m.10 views

CVE-2026-30873

CVE-2026-30873 affects OpenWrt Project’s jsonpath component, specifically the jp_get_token function used during lexical analysis. In OpenWrt releases prior to 24.10.6 and 25.12.1, memory allocated for strings, field labels, and regular expressions is copied to a new jp_opcode object without freei...

4.9CVSS5.7AI score0.00515EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/19 10:1 p.m.13 views

CVE-2026-30873 OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jpgettoken function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

2.4CVSS5.8AI score0.00515EPSS
Exploits0References5
NVD
NVD
added 2026/02/13 6:16 p.m.10 views

CVE-2026-21870

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...

5.5CVSS0.0024EPSS
Exploits1References3
CVE
CVE
added 2026/02/13 5:58 p.m.17 views

CVE-2026-21870

The CVE-2026-21870 affects the BACnet Protocol Stack library, specifically versions 1.4.2, 1.5.0.rc2 and earlier. The root cause is an off-by-one, stack-based buffer overflow in the ubasic interpreter’s tokenizer_string function. It mishandles null termination for maximum-length strings, writing ...

5.5CVSS6AI score0.0024EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/13 5:58 p.m.4 views

CVE-2026-21870 The BACnet Protocol Stack library has an Off-by-one Stack-based Buffer Overflow in tokenizer_string

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...

5.5CVSS6AI score0.0024EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/13 12:0 a.m.7 views

BACnet Protocol Stack 安全漏洞

BACnet Protocol Stack is a library suitable for various platforms, designed to provide communication services at the BACnet application layer, network layer, and Media Access Layer MAC. Versions of BACnet Protocol Stack such as 1.4.2, 1.5.0.rc2, and earlier versions have security vulnerabilities...

5.5CVSS6.1AI score0.0024EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/21 7:25 p.m.5 views

CVE-2026-23955 EVerest vulnerable to concatenation of strings literal and integers

EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be...

4.2CVSS5.5AI score0.00164EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987333)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987333 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the string machinery...

7.1CVSS6.3AI score0.0023EPSS
Exploits0References4
NVD
NVD
added 2024/05/21 3:15 p.m.30 views

CVE-2021-47262

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the string machinery provided by the tracing subystem to make a copy of the string literals consumed by the "nested VM-Enter failed" tracepoint. A complet...

7.1CVSS6.6AI score0.0023EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/12/20 9:41 a.m.4 views

postgresql: Memory disclosure in aggregate function calls

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

4.3CVSS7.4AI score0.02775EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/12/13 3:36 p.m.4 views

postgresql: Memory disclosure in aggregate function calls

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

4.3CVSS7.4AI score0.02775EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/12/11 9:59 a.m.4 views

postgresql: Memory disclosure in aggregate function calls

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

4.3CVSS7.4AI score0.02775EPSS
Exploits0References6
NVD
NVD
added 2023/12/10 6:15 p.m.24 views

CVE-2023-5868

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

4.3CVSS0.02775EPSS
Exploits0References27
OSV
OSV
added 2023/12/10 6:15 p.m.25 views

CVE-2023-5868

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

4.3CVSS6AI score0.02775EPSS
Exploits0References27
Prion
Prion
added 2023/12/10 6:15 p.m.35 views

Design/Logic Flaw

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

4CVSS6.5AI score0.02775EPSS
Exploits0References26Affected Software16
Cvelist
Cvelist
added 2023/12/10 5:56 p.m.44 views

CVE-2023-5868 Postgresql: memory disclosure in aggregate function calls

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

4.3CVSS6.6AI score0.02775EPSS
Exploits0References25
RedHat Linux
RedHat Linux
added 2023/12/07 8:26 a.m.4 views

postgresql: Memory disclosure in aggregate function calls

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

4.3CVSS7.4AI score0.02775EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/12/06 9:55 a.m.4 views

postgresql: Memory disclosure in aggregate function calls

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

4.3CVSS7.4AI score0.02775EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/12/06 9:51 a.m.3 views

postgresql: Memory disclosure in aggregate function calls

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

4.3CVSS7.4AI score0.02775EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/12/05 4:10 p.m.2 views

postgresql: Memory disclosure in aggregate function calls

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

4.3CVSS7.4AI score0.02775EPSS
Exploits0References6
Rows per page
Query Builder