24 matches found
CVE-2026-54901
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark array_class and hash_class references during garbage collection, leading to Use-After-Free. If GC runs after the class is assigned but before a parse,...
CVE-2026-54898
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...
CVE-2026-54897
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators each_value, each_child, each_leaf were vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed...
CVE-2026-54896
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object'...
CVE-2026-54899
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, disabling symbol_keys on a reused Oj::Parser instance triggers a heap use-after-free. When symbol_keys is toggled from true to false, opt_symbol_keys_set frees the internal key cache (cache_free) but...
CVE-2026-48764
TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard...
CVE-2026-48764
TypeBot suffers an SSRF in HTTP request and script fetch flows prior to version 3.17.2. The root cause is a time‑of‑check/time‑of‑use gap: the hostname is validated once against a forbidden range, but the subsequent request resolves the hostname again and may connect to a different IP, enabling D...
CVE-2026-48764 TypeBot has SSRF in HTTP request and script fetch flows via DNS rebinding bypass
TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard...
PT-2026-50572
TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard...
Important: Red Hat Security Advisory: Red Hat Quay 3.17.2
Red Hat Quay 3.17.2 is now available with bug fixes. Quay 3.17.2...
CVE-2026-4420
Summary: CVE-2026-4420 affects Bludit with a Stored XSS in the “page creating” flow. An authenticated user with page-creation privileges (Author/Editor/Admin) can insert a malicious script into the tags field when creating an article. The payload executes when a victim visits the uploaded resourc...
EUVD-2026-16581
Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in version 3.17.2...
CVE-2026-25101
Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in version 3.17.2...
CVE-2026-25101
Bludit exposes a session fixation vulnerability: an attacker can set a user’s session ID before authentication, and the ID persists after login, enabling session hijacking. The issue affects Bludit and is fixed in version 3.17.2. Metrics indicate a high-impact CVSS base score (C/H I/H A/H) with n...
CVE-2026-25101 Session Fixation in Bludit
Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in version 3.17.2...
PT-2026-28341
Name of the Vulnerable Software and Affected Versions Bludit versions prior to 3.17.2 Description Bludit allows a user's session identifier to be set before authentication. The session ID remains consistent even after authentication, potentially allowing an attacker to fixate a session ID for a...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002444)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002444 advisory. The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial...
EUVD-2014-3633
Malware in sbrugna...