Lucene search
K

16928 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/22 9:17 p.m.5 views

CVE-2026-48506

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses MessagePackSecurity.MaximumObjectGraphDepth, the...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:16 p.m.6 views

CVE-2026-48510

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed...

7.5CVSS5.9AI score0.00236EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 9:16 p.m.21 views

CVE-2026-48510

CVE-2026-48510 affects MessagePack-CSharp (C#) prior to 2.5.301 and 3.1.7. When decompressing Lz4Block or Lz4BlockArray payloads, the library reads declared uncompressed lengths from the wire and allocates output buffers before validating the data, allowing a small payload to trigger a large allo...

7.5CVSS5.9AI score0.00236EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/22 9:12 p.m.5 views

CVE-2026-48513 MessagePack-CSharp: DynamicUnionResolver generated deserializers miss depth enforcement

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

6.3CVSS5.9AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 9:12 p.m.18 views

CVE-2026-48513

CVE-2026-48513 (MessagePack-CSharp) affects the MessagePack serializer for C#. The vulnerability arises in runtime-generated union deserializers created by DynamicUnionResolver, which did not call DepthStep(ref reader) or decrement reader.Depth during recursive deserialization and skip paths. As ...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/22 6:16 p.m.9 views

CVE-2026-54277

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send...

8.7CVSS0.00322EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:37 p.m.5 views

CVE-2026-54277

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send...

8.7CVSS5.8AI score0.00322EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/22 4:37 p.m.33 views

CVE-2026-54277 AIOHTTP: C HTTP Parser Bypasses max_line_size for Fragmented Lines

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send...

8.7CVSS0.00322EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51392

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The MessagePackReader.TrySkip function recursively descends into nested arrays and maps without incrementing the reader depth or triggering...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

Amazon Linux 2023 : mariadb-connector-c, mariadb-connector-c-config, mariadb-connector-c-devel (ALAS2023-2026-1873)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1873 advisory. An application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injection...

9.8CVSS5.9AI score0.00419EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-54277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the maxlinesize check in parts of an...

8.7CVSS5.9AI score0.00322EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.7 views

Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling

Summary Oj::Parserparse in usual mode with createid enabled is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer truncation in formattr usual.c:63 converts the length to -1 before passing it to memcpy. This causes memcpy to...

6.3CVSS5.9AI score0.00253EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.13 views

Oj: Use-After-Free in Oj::Doc Iterators via Reentrant Close

Summary Oj::Doc iterators eachvalue, eachchild, eachleaf are vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed while the C iterator is still running. When control returns from the block, the iterator rea...

2.1CVSS6.1AI score0.00117EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 7:35 p.m.6 views

GHSA-FM7P-MPRW-WJM9 Oj: intern.c form_attr (uninitialized stack read)

Summary Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surface to the caller, disclosing process stack memory. Details In ext/oj/intern.c, formattr handles the...

5.3CVSS6.1AI score0.00197EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: typec: bus: verify partner exists in typecaltmodeattention Some USB hubs will negotiate DisplayPort Alt mode with the device. However, they will then negotiate a data role swap after entering the Alt mode. This data role swa...

5.8AI score0.00173EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in libcaca

A flaw was discovered in libcaca v0.99.beta19. A buffer overflow issue in the cacaresize function in libcaca/caca/canvas.c may allow for the execution of arbitrary code in the user context...

7.8CVSS7.4AI score0.00565EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mctp: i2c: Fixed a skb memory leak in the receive path. When midev-allowrx is set to false, the newly allocated skb is not consumed by netifrx. It is necessary to free the skb directly...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel before version 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. This could lead to an out-of-bounds write vulnerability...

7.8CVSS6.7AI score0.00266EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.11 views

Astra Linux – Vulnerability in glibc

The iconv function in the GNU C Library versions 2.39 and earlier may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set. This could potentially cause an application to crash or overwrite a neighboring variable...

7.3CVSS7.2AI score0.8833EPSS
Exploits16References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in glibc

NSCD: Stack-based buffer overflow in netgroup cache If the fixed-size cache of the Name Service Cache Daemon nscd is exhausted due to client requests, then a subsequent client request for netgroup data may lead to a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cach...

8.1CVSS7.2AI score0.0131EPSS
Exploits0References2
Rows per page
Query Builder