996 matches found
CVE-2026-46635
Twig before 3.26.0 allows a sandbox bypass via the column filter (array_column on objects): when rendering with column in allowedFilters, object arrays passed to PHP’s array_column() read public and magic properties directly, bypassing SandboxExtension::checkPropertyAllowed(). This bypass occurs ...
netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payload with deeply nested arrays
A flaw was found in netty-codec-redis. A remote attacker can exploit this vulnerability by sending a specially crafted Redis payload containing deeply nested arrays. This action forces the server to allocate a large number of state objects and collections, leading to memory exhaustion...
CVE-2026-49866 libp2p: CPU DoS via oversized IHAVE and IWANT control message arrays
libp2p is a JavaScript Implementation of libp2p networking stack. Prior to 16.0.0, @libp2p/gossipsub defaultDecodeRpcLimits set maxIhaveMessageIDs and maxIwantMessageIDs to Infinity, allowing oversized IHAVE and IWANT control message arrays in message/decodeRpc.ts and gossipsub.ts to synchronousl...
OESA-2026-2806 jq security update
jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...
OESA-2026-2805 jq security update
jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...
OESA-2026-2804 jq security update
jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...
PYSEC-2026-723 Out-of-bounds Read in OpenCV
An out-of-bounds read was discovered in OpenCV before 4.1.1 OpenCV-Python before 4.1.0.25. Specifically, variable coarsestscale is assumed to be greater than or equal to finestscale within the calc/oclcalc functions in disflow.cpp. However, this is not true when dealing with small images, leading...
Malicious code in endpointmap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa2ddbcbdd90508af14415a021644c1ab8a57e432b526425e4c5128b23f897bb endpointmap advertises itself as a REST endpoint registry but exhibits a two-package smuggle pattern. lib/registry.js exports two non-printable byte...
MAL-2026-6588 Malicious code in endpointmap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa2ddbcbdd90508af14415a021644c1ab8a57e432b526425e4c5128b23f897bb endpointmap advertises itself as a REST endpoint registry but exhibits a two-package smuggle pattern. lib/registry.js exports two non-printable byte...
CVE-2026-40083
Cacti 1.2.30 and earlier are impacted by an SQL Injection in managers.php. The vulnerability arises from unsanitized data flow: user-supplied selected_graphs_array is deserialized via cacti_unserialize (unserialize with allowed_classes = false), then deserialized values are directly concatenated ...
EUVD-2026-38363
MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments...
GHSA-QHMF-XW27-6RQR MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments
Summary MessagePack-CSharp's typeless deserialization includes MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowedType as a safety check for dangerous types. The default implementation checks the outer type name, but it does not recursively inspect array element types or generic typ...
EUVD-2026-38381
MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions...
GHSA-CXMJ-83GH-FP49 MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions
Summary MessagePack-CSharp's multi-dimensional array formatters read dimension lengths directly from the payload and allocate T,, T,,, or T,,, before validating that the dimension product matches the encoded element count. The formatter reads a guarded element array header, but allocation of the...
CVE-2026-47770
jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack exhaustion uncontrolled recursion. The crash occurs in jq's recursive...
CVE-2026-47770 jq: stack overflow in deep structural equality
jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack exhaustion uncontrolled recursion. The crash occurs in jq's recursive...
CVE-2026-47770
The CVE-2026-47770 issue affects jq (the JSON processor) where comparing deeply nested arrays with the == operator can cause stack exhaustion via recursive structural comparison in src/jv.c (jvp_array_equal, jv_equal) and overflow in jv_cmp in src/jv_aux.c. This leads to a denial of service on at...
CVE-2026-47770
jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack exhaustion uncontrolled recursion. The crash occurs in jq's recursive...
dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption
A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...
CVE-2026-48517
MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's typeless deserialization includes MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowedType as a safety check for dangerous types. The default implementation checks the outer type nam...