115 matches found
CVE-2026-57076
A flaw was found in YAML::Syck. An attacker could exploit a heap use-after-free vulnerability by providing a specially crafted YAML document that reuses an anchor name as an anchors-table key. This flaw causes the software to read freed heap memory, which may lead to information disclosure or...
CVE-2026-57075
A flaw was found in YAML::Syck. An out-of-bounds read vulnerability exists in the base64 decoder, specifically in the syckbase64dec function. This occurs because the decoder uses a signed character to index a lookup table, allowing specially crafted !!binary YAML nodes with high-bit bytes to caus...
Incorrect Authorization
Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Incorrect Authorization via the submitjob process. An attacker can execute arbitrary OS commands on the server by submitting a crafted YAML...
Astra Linux – Vulnerability in yaml-cpp
The SingleDocParser::HandleFlowMap function in yaml-cpp also known as LibYaml-C++ 0.6.2 allows remote attackers to cause a denial of service resource consumption and application crash through a crafted YAML file...
CVE-2026-45224 Crabbox < 0.9.0 Path Traversal via Islo Provider Workspace Resolution
Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with...
JLSEC-2026-23
The SingleDocParser::HandleNode function in yaml-cpp aka LibYaml-C++ 0.5.3 allows remote attackers to cause a denial of service stack consumption and application crash via a crafted YAML file...
CVE-2025-62348 Salt junos module uses an unsafe YAML loader which may allow unintended code execution
Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process...
EUVD-2021-18566
Malware in sbrugna...
EUVD-2019-15851
Malware in sbrugna...
EUVD-2017-17771
Malware in sbrugna...
EUVD-2018-13128
Malware in sbrugna...
yaml-libyaml: LibYAML Perl File Modification Vulnerability
A flaw was found in yaml-libyaml. The component uses a two-argument open function when parsing YAML files, which allows an attacker to modify existing files on the system. This flaw allows a local attacker to provide a crafted YAML file as input. This issue can result in unauthorized modification...
CVE-2024-35060
An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file...
CVE-2024-37861
Open Robotics Robotic Operating System 2 ROS2 and Nav2 humble versions were discovered to contain a buffer overflow via the nav2amcl process. This vulnerability is triggered via sending a crafted .yaml file...
CVE-2024-37860
Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2amcl process...
CVE-2021-46364
A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file...
CVE-2021-31681
Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file...
CVE-2024-37862
Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2planner process...
PT-2024-27792 · Open Robotics · Ros2 +1
Name of the Vulnerable Software and Affected Versions: Open Robotics Robotic Operating System 2 ROS2 and Nav2 humble versions Description: The issue is a buffer overflow that occurs via the nav2 amcl process. This is triggered by sending a crafted .yaml file. Recommendations: For Open Robotics...
CVE-2024-37285 Kibana arbitrary code execution via YAML deserialization
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges...