424 matches found

Nuclei
added 11 hours ago, 38 views

Razer Sila Gaming Router - Remote Code Execution

A command injection in the command parameter of Razer Sila Gaming Router v2.0.441api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. id: CVE-2022-29013 info: name: Razer Sila Gaming Router - Remote Code Execution author: DhiyaneshDK severity: critical descriptio...

9.8 CVSS, 7.6 AI score, 0.77136 EPSS
Exploits: 1, References: 2

AstraLinux
added 5 days ago, 5 views

Astra Linux – Vulnerability in cjson

In versions of cJSON 1.5.0 through 1.7.18, the decode_array_index_from_pointer function in cJSON_Utils.c allows for out-of-bounds access. This enables remote attackers to bypass array bounds checking and access restricted data through malformed JSON pointer strings containing alphanumeric characters...

9.8 CVSS, 5.9 AI score, 0.00693 EPSS
Exploits: 1, References: 2

AstraLinux
added 5 days ago, 4 views

Astra Linux – Vulnerability in cjson

It has been discovered that cJSON v1.7.16 contains a segmentation violation due to the use of the cJSON_SetValuestring function in the cJSON.c file...

7.5 CVSS, 6 AI score, 0.00961 EPSS
Exploits: 1, References: 2

Cvelist
added 2026/06/09 4:5 p.m., 33 views

CVE-2026-49847 FreeSWITCH: Stack overflow in bundled cJSON parser via deeply nested JSON

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes...

7.5 CVSS, 0.00414 EPSS
Exploits: 0, References: 2

Packet Storm News
added 2026/05/25 12:0 a.m., 10 views

FuzzPilot: Plateau-Triggered Recipe Validation for Structured Text Fuzzing

FuzzPilot is a controller for AFL++ that moves expensive reasoning out of the mutation hot path. When coverage plateaus, it snapshots the corpus, prepares candidate mutation recipes, evaluates them in short isolated AFL++ micro-campaigns, and promotes only recipes with positive validation reward...

5.8 AI score
Exploits: 0

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux – Vulnerability in cjson

It has been discovered that cJSON v1.7.16 contains a segmentation violation due to the use of the cJSON_InsertItemInArray function in the cJSON.c library...

7.5 CVSS, 6.3 AI score, 0.01508 EPSS
Exploits: 1, References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 7 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. A specially crafted Lua script executed in Redis can trigger a heap overflow in the cjson library, leading to heap corruption and potentially remote code execution. This issue exists in all versions of Redis that support Lua scripting,...

8.8 CVSS, 6.9 AI score, 0.4292 EPSS
Exploits: 1, References: 2

OpenVAS
added 2026/04/15 12:0 a.m., 4 views

Ubuntu: Security Advisory (USN-8169-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.9 CVSS, 6.9 AI score, 0.86268 EPSS
Exploits: 16, References: 2

OSV
added 2026/04/13 1:18 p.m., 3 views

USN-8169-1 redis, lua5.1, lua-cjson, lua-bitop vulnerabilities

It was discovered that Redis incorrectly handled certain specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was only addressed in lua5.1 on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2025-49844 It was...

9.9 CVSS, 7.4 AI score, 0.86268 EPSS
Exploits: 16, References: 4

NVD
added 2026/04/02 6:16 p.m., 5 views

CVE-2026-34608

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhook_inproc.c, the hook_work_cb function processes nng messages by parsing the message body with cJSON_Parse(body). The body is obtained from nng_msg_body(msg), which is a binary buffer without a...

8.2 CVSS, 0.00359 EPSS
Exploits: 1, References: 3

ATTACKERKB
added 2026/04/02 5:52 p.m., 0 views

CVE-2026-34608

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhook_inproc.c, the hook_work_cb function processes nng messages by parsing the message body with cJSON_Parse(body). The body is obtained from nng_msg_body(msg), which is a binary buffer without a...

4.9 CVSS, 5.9 AI score, 0.00359 EPSS
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2026/04/02 5:52 p.m., 13 views

CVE-2026-34608 nanomq: Heap-Buffer-Overflow in webhook_inproc.c via cJSON_Parse OOB Read

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhook_inproc.c, the hook_work_cb function processes nng messages by parsing the message body with cJSON_Parse(body). The body is obtained from nng_msg_body(msg), which is a binary buffer without a...

4.9 CVSS, 0.00359 EPSS
Exploits: 1, References: 3

CNNVD
added 2026/04/02 12:0 a.m., 4 views

NanoMQ Security Vulnerability

NanoMQ is an open-source IoT edge platform broker developed by EMQ in the United States. There is a security vulnerability in NanoMQ, which stems from the use of the hook_work_cb function to parse message bodies using cJSON_Parse. This leads to out-of-bounds read access to unallocated memory...

8.2 CVSS, 5.8 AI score, 0.00359 EPSS
Exploits: 1, References: 3

Positive Technologies
added 2026/04/02 12:0 a.m., 13 views

PT-2026-29862

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhook_inproc.c, the hook_work_cb function processes nng messages by parsing the message body with cJSON_Parse(body). The body is obtained from nng_msg_body(msg), which is a binary buffer withou...

4.9 CVSS, 5.9 AI score, 0.00359 EPSS
Exploits: 1, References: 4

RedhatCVE
added 2026/03/26 3:6 p.m., 4 views

CVE-2026-4743

NULL Pointer Dereference vulnerability in taurusxin ncmdump src/utils modules. This vulnerability is associated with program files cJSON.Cpp. This issue affects ncmdump: before 1.4.0...

6.7 CVSS, 5.8 AI score, 0.00117 EPSS
Exploits: 0, References: 1

EUVD
added 2026/03/24 6:31 a.m., 4 views

EUVD-2026-14700

NULL Pointer Dereference vulnerability in taurusxin ncmdump src/utils modules. This vulnerability is associated with program files cJSON.Cpp. This issue affects ncmdump: before 1.4.0...

6.7 CVSS, 5.8 AI score, 0.00117 EPSS
Exploits: 0, References: 2

NVD
added 2026/03/24 4:17 a.m., 3 views

CVE-2026-4743

NULL Pointer Dereference vulnerability in taurusxin ncmdump src/utils modules. This vulnerability is associated with program files cJSON.Cpp. This issue affects ncmdump: before 1.4.0...

6.7 CVSS, 0.00117 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/24 3:25 a.m., 1 views

CVE-2026-4743

NULL Pointer Dereference vulnerability in taurusxin ncmdump src/utils modules. This vulnerability is associated with program files cJSON.Cpp. This issue affects ncmdump: before 1.4.0...

6.7 CVSS, 5.8 AI score, 0.00117 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2026/03/24 3:25 a.m., 3 views

CVE-2026-4743 Null-Pointer Dereference Vulnerability in taurusxin/ncmdump

NULL Pointer Dereference vulnerability in taurusxin ncmdump src/utils modules. This vulnerability is associated with program files cJSON.Cpp. This issue affects ncmdump: before 1.4.0...

6.7 CVSS, 5.8 AI score, 0.00117 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/03/24 12:0 a.m., 5 views

ncmdump Security Vulnerability

ncmdump is a software developed by TaurusXin, a personal developer in China. It allows converting downloaded NetEase Cloud Music cache files ncm into MP3 or FLAC formats. Versions of ncmdump prior to 1.4.0 contained security vulnerabilities; these vulnerabilities were caused by null pointer...

6.7 CVSS, 5.8 AI score, 0.00117 EPSS
Exploits: 0, References: 1