CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-18920

Malicious code in bioql PyPI...

6.9CVSS6.3AI score0.00385EPSS

Exploits0References2

Tenable Nessus•added 2025/07/11 12:0 a.m.•6 views

Azure Linux 3.0 Security Update: jq (CVE-2024-23337)

The version of jq installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-23337 advisory. - jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when...

6.5CVSS6.4AI score0.00262EPSS

Exploits1References2

Vulnrichment•added 2025/06/19 3:8 p.m.•2 views

CVE-2025-49014 jq heap use after free vulnerability in f_strflocaltime

jq is a command-line JSON processor. In version 1.8.0 a heap use after free vulnerability exists within the function fstrflocaltime of /src/builtin.c. This issue has been patched in commit 499c91b, no known fix version exists at time of publication...

6.9CVSS7.2AI score0.00385EPSS

Exploits0References2

Debian CVE•added 2025/06/19 3:8 p.m.•4 views

CVE-2025-49014

6.9CVSS5.2AI score0.00385EPSS

Exploits0

Positive Technologies•added 2025/06/19 12:0 a.m.•2 views

PT-2025-26220

Name of the Vulnerable Software and Affected Versions jq version 1.8.0 Description A heap use after free issue exists within the function f strflocaltime of /src/builtin.c. This is a problem in a command-line JSON processor. Recommendations For version 1.8.0, consider restricting access to the f...

8.7CVSS5.6AI score0.00588EPSS

Exploits3References24

CVE•added 2025/05/21 5:32 p.m.•149 views

CVE-2025-48060

CVE-2025-48060 affects jq up to version 1.7.1, where a heap-buffer-overflow in the jv_string_vfmt path can crash the process when formatting strings (OSS-Fuzz harness). The issue is triggered in jq_fuzz_execute and references malloc in jv.c. As of publication, no patch existed in the initial desc...

8.7CVSS6.5AI score0.00588EPSS

Exploits1References2Affected Software1

Cvelist•added 2025/05/21 5:32 p.m.•18 views

CVE-2025-48060 AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function jvstringvfmt in the jqfuzzexecute harness from oss-fuzz. This crash happens on file jv.c, line 1456 void p = mallocsz;. As of time of publication, no patched versions are...

8.7CVSS0.00588EPSS

Exploits1References1

AlpineLinux•added 2025/05/21 2:34 p.m.•6 views

CVE-2024-23337

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue...

6.5CVSS7.2AI score0.00262EPSS

Exploits1References3