2842 matches found

NVD
added 2025/09/03 3:15 p.m. | views: 1

CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

CVSS 9.8 | EPSS 0.00273
Exploits: 1 | References: 2

OSV
added 2025/09/03 3:15 p.m. | views: 0

UBUNTU-CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

CVSS 9.8 | AI score 5.8 | EPSS 0.00273
Exploits: 1 | References: 6

Cvelist
added 2025/09/03 12:0 a.m. | views: 4

CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

EPSS 0.00273
Exploits: 1 | References: 1

Tenable Nessus
added 2025/09/03 12:0 a.m. | views: 2

Linux Distros Unpatched Vulnerability : CVE-2021-26927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2decode in jp2dec.c may lead to program crash and denial of service. CVE-2021-26927 No...

CVSS 5.5 | AI score 6.3 | EPSS 0.00324
Exploits: 1 | References: 2

CNNVD
added 2025/09/03 12:0 a.m. | views: 1

cJSON security vulnerability

cJSON is a lightweight open source JSON parser from the individual developer Dave Gamble. A security vulnerability exists in cJSON version 1.7.18 and earlier, which stems from an out-of-bounds access vulnerability in the decodearrayindexfrompointer function that could lead to bypassing array boun...

CVSS 9.8 | AI score 6.3 | EPSS 0.00273
Exploits: 1 | References: 1

Debian CVE
added 2025/09/03 12:0 a.m. | views: 4

CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

CVSS 9.8 | AI score 8.5 | EPSS 0.00273
Exploits: 1

Vulnrichment
added 2025/09/03 12:0 a.m. | views: 1

CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

AI score 6.5 | EPSS 0.00273
Exploits: 1 | References: 1

Positive Technologies
added 2025/09/03 12:0 a.m. | views: 2

PT-2025-35723

Name of the Vulnerable Software and Affected Versions: cJSON versions 1.5.0 through 1.7.18. Description: cJSON versions 1.5.0 through 1.7.18 contain an out-of-bounds access issue within the decode array index from pointer function located in cJSON Utils.c. This allows attackers to bypass array bound...

CVSS 10 | AI score 4.5 | EPSS 0.00273
Exploits: 2 | References: 46

NVD
added 2025/09/01 10:15 p.m. | views: 2

CVE-2025-9796

A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made...

CVSS 5.1 | EPSS 0.00067
Exploits: 1 | References: 8

Vulnrichment
added 2025/09/01 9:32 p.m. | views: 3

CVE-2025-9796 thinkgem JeeSite EncodeUtils.java decodeUrl2 cross site scripting

A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made...

CVSS 5.1 | AI score 5.5 | EPSS 0.00067
Exploits: 1 | References: 8

Cvelist
added 2025/09/01 9:32 p.m. | views: 6

CVE-2025-9796 thinkgem JeeSite EncodeUtils.java decodeUrl2 cross site scripting

A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made...

CVSS 5.1 | EPSS 0.00067
Exploits: 1 | References: 8

CNNVD
added 2025/09/01 12:0 a.m. | views: 3

Thinkgem JeeSite security vulnerability

Thinkgem JeeSite is an open source Java EE enterprise-class rapid development platform of China Zhuo Yuan Thinkgem company. The platform includes system permissions components, data permissions components, data dictionary components, core tools components, view manipulation components,...

CVSS 5.1 | AI score 4.3 | EPSS 0.00067
Exploits: 1 | References: 9

Positive Technologies
added 2025/09/01 12:0 a.m. | views: 3

PT-2025-35512

Name of the Vulnerable Software and Affected Versions: thinkgem JeeSite versions up to 5.12.1. Description: A vulnerability exists in the decodeUrl2 function of the common/src/main/java/com/jeesite/common/codec/EncodeUtils.java file. This allows for cross site scripting, and the attack can be launch...

CVSS 5.1 | AI score 4.1 | EPSS 0.00067
Exploits: 1 | References: 15

Tenable Nessus
added 2025/09/01 12:0 a.m. | views: 3

Linux Distros Unpatched Vulnerability : CVE-2025-46646

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Artifex Ghostscript before 10.05.0, decodeutf8 in base/gputf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for...

CVSS 4.5 | AI score 6.3 | EPSS 0.00062
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/31 12:0 a.m. | views: 2

Linux Distros Unpatched Vulnerability : CVE-2025-55197

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requir...

CVSS 8.7 | AI score 7 | EPSS 0.00164
Exploits: 0 | References: 3

RedhatCVE
added 2025/08/30 6:18 p.m. | views: 4

CVE-2025-30064

An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to genera...

CVSS 8.8 | AI score 7 | EPSS 0.00013
Exploits: 0 | References: 1

Tenable Nessus
added 2025/08/30 12:0 a.m. | views: 3

Linux Distros Unpatched Vulnerability : CVE-2023-29421

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3decodeblock. CVE-2023-29421 Note that Nessus relies on the...

CVSS 8.8 | AI score 7.8 | EPSS 0.00173
Exploits: 1 | References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m. | views: 3

Linux Distros Unpatched Vulnerability : CVE-2019-13626

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SDL Simple DirectMedia Layer 2.x through 2.0.9 has a heap-based buffer over-read in FillIMAADPCMblock, caused by an integer overflow in IMAADPCMdecode in...

CVSS 6.5 | AI score 6.6 | EPSS 0.01205
Exploits: 1 | References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m. | views: 2

Linux Distros Unpatched Vulnerability : CVE-2022-27419

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rtl433 21.12 was discovered to contain a stack overflow in the function acurite00275rmdecode at /devices/acurite.c. This vulnerability allows attackers to cause...

CVSS 5.5 | AI score 6.1 | EPSS 0.00289
Exploits: 1 | References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m. | views: 3

Linux Distros Unpatched Vulnerability : CVE-2019-19637

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixeldecoderawimpl at fromsixel.c. CVE-2019-19637 Note that Nessus relie...

CVSS 9.8 | AI score 7.5 | EPSS 0.00418
Exploits: 0 | References: 2