Lucene search
K

222 matches found

Vulnrichment
Vulnrichment
added 2026/05/19 12:0 a.m.9 views

CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

6AI score0.0081EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.19 views

apscheduler 安全漏洞

apscheduler is a Python task scheduling and queueing system developed by Alex Grönholm. There are security vulnerabilities in the apscheduler 3.10.x version and 4.0.0a5 version. These vulnerabilities stem from the unmarshalobject function in JSONSerializer and CBORSerializer, which allows arbitra...

9.8CVSS6.3AI score0.0081EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.13 views

PT-2026-41945

Name of the Vulnerable Software and Affected Versions APScheduler affected versions not specified Description The JSONSerializer and CBORSerializer are subject to Remote Code Execution RCE through insecure deserialization. The unmarshal object function enables arbitrary class instantiation and...

9.8CVSS6AI score0.0081EPSS
Exploits0References17
CVE
CVE
added 2026/05/19 12:0 a.m.38 views

CVE-2026-31072

The vulnerability CVE-2026-31072 affects APScheduler’s JSONSerializer and CBORSerializer across all versions (including 3.10.x and 4.0.0a5). The root cause is insecure deserialization: the unmarshal_object function can instantiate arbitrary classes and inject state by dynamically importing module...

9.8CVSS6AI score0.0081EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/19 12:0 a.m.7 views

CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

9.8CVSS6AI score0.0081EPSS
Exploits0
OSV
OSV
added 2026/05/07 2:7 a.m.8 views

GHSA-W239-58X2-Q8P5 go-ipld-prime's DAG-CBOR and DAG-JSON decoders have unbounded recursion depth

The DAG-CBOR and DAG-JSON decoders recurse on each nested map or list without a depth limit. A payload containing deeply nested collections causes the decoder to recurse once per level, growing the goroutine stack until the Go runtime terminates the process with a fatal stack overflow distinct fr...

6.2CVSS6AI score0.0012EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/07 2:7 a.m.16 views

go-ipld-prime's DAG-CBOR and DAG-JSON decoders have unbounded recursion depth

The DAG-CBOR and DAG-JSON decoders recurse on each nested map or list without a depth limit. A payload containing deeply nested collections causes the decoder to recurse once per level, growing the goroutine stack until the Go runtime terminates the process with a fatal stack overflow distinct fr...

6.2CVSS6AI score0.0012EPSS
Exploits0References3Affected Software1
Fedora
Fedora
added 2026/04/25 1:56 a.m.6 views

[SECURITY] Fedora 44 Update: python-cbor2-5.6.5-8.fc44

This library provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 7049 serialization format...

7.5CVSS5.2AI score0.00422EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2026/04/20 11:26 p.m.8 views

SUSE CVE-2026-29013

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

9.8CVSS5.8AI score0.00296EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/18 12:31 a.m.5 views

EUVD-2026-23535

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

8.8CVSS6AI score0.00296EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-29013

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on...

9.8CVSS5.5AI score0.00296EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/17 10:41 p.m.7 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the getbyteinc function during CBOR parsing in OSCORE negotiation. An attacker can access sensitive memory contents or cause a heap buffer overflow by sending specially crafted CoAP requests with malformed OSCORE...

9.8CVSS5.7AI score0.00296EPSS
Exploits0References2
OSV
OSV
added 2026/04/17 10:16 p.m.3 views

DEBIAN-CVE-2026-29013

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

9.8CVSS5.8AI score0.00296EPSS
Exploits0References1
NVD
NVD
added 2026/04/17 10:16 p.m.3 views

CVE-2026-29013

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

9.8CVSS0.00296EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/17 9:11 p.m.24 views

CVE-2026-29013 libcoap Out-of-Bounds Read in OSCORE CBOR Unwrap Handling

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

8.8CVSS0.00296EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/17 9:11 p.m.10 views

CVE-2026-29013

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

9.8CVSS5.8AI score0.00296EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/17 9:11 p.m.9 views

CVE-2026-29013 libcoap Out-of-Bounds Read in OSCORE CBOR Unwrap Handling

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

8.8CVSS5.8AI score0.00296EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/17 9:11 p.m.4 views

CVE-2026-29013

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

8.8CVSS5.8AI score0.00296EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/04/17 9:11 p.m.6 views

CVE-2026-29013

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

9.8CVSS5.8AI score0.00296EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.9 views

PT-2026-33518

Name of the Vulnerable Software and Affected Versions libcoap affected versions not specified Description An issue exists in the OSCORE Appendix B.2 CBOR unwrap handling where the function get byte inc in src/oscore/oscore cbor.c relies exclusively on assert for bounds checking. Since assert is...

9.8CVSS6AI score0.00296EPSS
Exploits0References12
Rows per page
Query Builder