Lucene search
K

10 matches found

OSV
OSV
added 2026/07/01 12:16 a.m.3 views

DEBIAN-CVE-2026-54900

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with createid enabled, Oj::Parserparse is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer...

6.3CVSS5.7AI score0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:34 p.m.29 views

CVE-2026-54900

CVE-2026-54900 (Oj Gem) affects the Ruby gem Oj (Optimized JSON). In versions before 3.17.2, when running in usual mode with create_id enabled, Oj::Parser#parse is vulnerable to heap corruption via a negative-size memcpy. Specifically, if a JSON object key is exactly 65,535 bytes, an integer trun...

6.3CVSS5.7AI score0.00253EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.8 views

Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling

Summary Oj::Parserparse in usual mode with createid enabled is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer truncation in formattr usual.c:63 converts the length to -1 before passing it to memcpy. This causes memcpy to...

6.3CVSS5.9AI score0.00253EPSS
Exploits0References2Affected Software1
RubySec
RubySec
added 2026/06/19 12:0 a.m.5 views

Oj - Negative-Size memcpy in 'Oj::Parser' create_id Attribute Handling

Summary Oj::Parserparse in usual mode with createid enabled is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer truncation in formattr usual.c:63 converts the length to -1 before passing it to memcpy. This causes memcpy to...

6.3CVSS5.8AI score0.00253EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.12 views

PT-2026-51086

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description When operating in usual mode with create id enabled, the Oj::Parserparse function is susceptible to heap corruption. This occurs when a JSON object key is exactly 65,535 bytes long, leading to an integer...

8.7CVSS5.8AI score0.00253EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.5 views

PT-2025-18453

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version Description A vulnerability in the Linux kernel has been resolved, related to the RDMA/cma component. The issue occurs when multiple calls to cma netevent callback are made in quick succession,...

5.5CVSS6.7AI score0.00166EPSS
Exploits0
OSV
OSV
added 2025/01/18 2:15 p.m.2 views

CVE-2025-0559

A vulnerability, which was classified as problematic, has been found in Campcodes School Management Software 1.0. This issue affects some unknown processing of the file /create-id-card of the component Create Id Card Page. The manipulation of the argument ID Card Title leads to cross site...

4.8CVSS3.9AI score
Exploits0References5
Cvelist
Cvelist
added 2025/01/18 2:0 p.m.22 views

CVE-2025-0559 Campcodes School Management Software Create Id Card Page create-id-card cross site scripting

A vulnerability, which was classified as problematic, has been found in Campcodes School Management Software 1.0. This issue affects some unknown processing of the file /create-id-card of the component Create Id Card Page. The manipulation of the argument ID Card Title leads to cross site...

5.1CVSS0.00345EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/01/18 12:0 a.m.11 views

PT-2025-3952 · Unknown · Campcodes School Management

Name of the Vulnerable Software and Affected Versions: Campcodes School Management Software version 1.0 Description: A cross-site scripting issue has been found in the Create Id Card Page component, specifically in the file /create-id-card. The manipulation of the ID Card Title argument leads to...

5.1CVSS6.3AI score0.00345EPSS
Exploits1References10
CNNVD
CNNVD
added 2022/01/14 12:0 a.m.6 views

Modex代码问题漏洞

Modex is a model extractor. It is used to mechanically extract verification models from implementation-level C code. A security vulnerability exists in Modex, which stems from the fact that Modex v2.11 was found to contain a NULL pointer dereference in setcreateid of xtract.c. The vulnerability i...

5.5CVSS5.5AI score0.00647EPSS
Exploits1References2
Rows per page
Query Builder