13532 matches found

ATTACKERKB
added 2026/04/13 11:40 p.m. | 2 views

CVE-2026-40164

jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSO...

CVSS 7.5 | AI score 5.8 | EPSS 0.00024
Exploits 0 | References 3
Vulnrichment
added 2026/04/13 11:40 p.m. | 2 views

CVE-2026-40164 jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed

jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSO...

CVSS 7.5 | AI score 5.8 | EPSS 0.00024
Exploits 0 | References 2
Debian CVE
added 2026/04/13 11:40 p.m. | 3 views

CVE-2026-40164

jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSO...

CVSS 7.5 | AI score 5.3 | EPSS 0.00024
Exploits 0
OSV
added 2026/04/13 11:16 p.m. | 2 views

UBUNTU-CVE-2026-39956

jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the _strindices builtin in jq's src/builtin.c passes its arguments directly to jv_string_indexes without verifying they are strings, and jv_string_indexes in src/jv.c relies solely on assert checks that are...

CVSS 6.1 | AI score 5.7 | EPSS 0.00019
Exploits 1 | References 6
OSV
added 2026/04/13 11:16 p.m. | 1 views

UBUNTU-CVE-2026-39979

jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jv_string_fmt, which reads until a NUL terminat...

CVSS 6.9 | AI score 5.9 | EPSS 0.00072
Exploits 1 | References 6
OSV
added 2026/04/13 6:16 p.m. | 0 views

UBUNTU-CVE-2026-32316

jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append and jvp_string_copy_replace_bad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...

CVSS 8.2 | AI score 6.1 | EPSS 0.00025
Exploits 1 | References 6
EUVD
added 2026/04/13 5:49 p.m. | 0 views

EUVD-2026-22039

jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append and jvp_string_copy_replace_bad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...

CVSS 8.2 | AI score 6.1 | EPSS 0.00025
Exploits 1 | References 2
ATTACKERKB
added 2026/04/13 5:49 p.m. | 4 views

CVE-2026-32316

jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append and jvp_string_copy_replace_bad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...

CVSS 8.2 | AI score 6.1 | EPSS 0.00025
Exploits 1 | References 3
CVE
added 2026/04/13 5:49 p.m. | 15 views

CVE-2026-32316

CVE-2026-32316 affects jq up to and including 1.8.1, where the functions jvp_string_append() and jvp_string_copy_replace_bad() lack string size bounds checks. Concatenating strings that exceed 2^31 bytes causes a 32-bit unsigned overflow in buffer allocation, producing a heap buffer overflow (CWE...

CVSS 8.2 | AI score 6.1 | EPSS 0.00025
Exploits 1 | References 2 | Affected Software 1
EUVD
added 2026/04/13 3:31 p.m. | 1 views

EUVD-2026-21926

A stack overflow in the experimental/tinyobjloaderopt.h file of tinyobjloader commit d56555b allows attackers to cause a Denial of Service (DoS) by supplying a crafted .mtl file...

CVSS 6.2 | AI score 5.8 | EPSS 0.00018
Exploits 0 | References 3
EUVD
added 2026/04/13 6:30 a.m. | 2 views

EUVD-2026-21826

Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

CVSS 6.5 | AI score 5.8 | EPSS 0.00057
Exploits 0 | References 2
Vulnrichment
added 2026/04/13 5:6 a.m. | 4 views

CVE-2026-40447

Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

CVSS 5.1 | AI score 5.8 | EPSS 0.00047
Exploits 0 | References 1
Cvelist
added 2026/04/13 5:6 a.m. | 25 views

CVE-2026-40447

Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

CVSS 5.1 | EPSS 0.00047
Exploits 0 | References 1
ATTACKERKB
added 2026/04/13 4:52 a.m. | 0 views

CVE-2026-25209

Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

CVSS 6.5 | AI score 5.8 | EPSS 0.00057
Exploits 0 | References 2
Cvelist
added 2026/04/13 4:52 a.m. | 24 views

CVE-2026-25209

Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

CVSS 6.5 | EPSS 0.00057
Exploits 0 | References 1
Vulnrichment
added 2026/04/13 4:47 a.m. | 0 views

CVE-2026-25207

Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

CVSS 7.4 | AI score 5.8 | EPSS 0.0004
Exploits 0 | References 1
CVE
added 2026/04/13 4:47 a.m. | 13 views

CVE-2026-25207

CVE-2026-25207 involves an out-of-bounds write in Samsung Open Source Escargot. The issue affects Escargot at commit 97e8115ab1110bc502b4b5e4a0c689a71520d335. Reported impact indicates high confidentiality, integrity, and availability impacts (CVSS v3.1 scores show base scores up to 9.8 in NVD, w...

CVSS 9.8 | AI score 5.8 | EPSS 0.0004
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2026/04/13 4:44 a.m. | 2 views

CVE-2026-25206

Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

CVSS 6.7 | AI score 5.8 | EPSS 0.0004
Exploits 0 | References 1
Cvelist
added 2026/04/13 4:44 a.m. | 23 views

CVE-2026-25206

Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

CVSS 6.7 | EPSS 0.0004
Exploits 0 | References 1
CVE
added 2026/04/13 4:38 a.m. | 6 views

CVE-2026-25205

The CVE-2026-25205 entry concerns Samsung Open Source Escargot and is linked to a heap-based buffer overflow that allows an out-of-bounds write. Affected entity: Escargot (commit 97e8115ab1110bc502b4b5e4a0c689a71520d335). Publicly disclosed details in the connected sources summarize the vulnerabi...

CVSS 9.8 | AI score 6 | EPSS 0.0004
Exploits 0 | References 1 | Affected Software 1