2472 matches found
Deep Sea Electronics DSE855 - Authentication Bypass
Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to...
CVE-2026-54592 Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in...
CVE-2026-47770
A flaw was found in jq, a command-line JSON processor. This vulnerability allows a local user or an attacker providing malicious input to cause a denial of service DoS by comparing two sufficiently deeply nested arrays using the '==' operator. This action exhausts the C stack due to uncontrolled...
CVE-2026-47770
jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack exhaustion uncontrolled recursion. The crash occurs in jq's recursive...
CVE-2026-47770
The CVE-2026-47770 issue affects jq (the JSON processor) where comparing deeply nested arrays with the == operator can cause stack exhaustion via recursive structural comparison in src/jv.c (jvp_array_equal, jv_equal) and overflow in jv_cmp in src/jv_aux.c. This leads to a denial of service on at...
CVE-2026-54297
A flaw was found in Faraday, an HTTP client library. The Faraday::NestedParamsEncoder, which handles nested query parameters, does not limit the depth of nested query strings during decoding. A remote attacker can exploit this by sending a specially crafted query string, causing the application t...
Allocation of Resources Without Limits or Throttling
Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the...
Astra Linux – Vulnerability in Poppler
Versions of Poppler from 24.06.1 through 25.x, prior to 25.04.0, allowed stack consumption and a SIGSEGV due to deeply nested structures within the metadata of a PDF document such as GTSPDFEVersion. This issue occurred in functions like Dict::lookup, Catalog::getMetadata, and related functions in...
Astra Linux – Vulnerability in openexr
There is a flaw in OpenEXR’s deep tile sample size calculations in versions before 3.0.0-beta. An attacker who can submit a crafted file for processing by OpenEXR could trigger an integer overflow, resulting in an out-of-bounds read. The greatest risk of this flaw is to the application’s...
CVE-2026-48745
Traccar Client is a GPS tracking mobile app for sending location updates to private servers using the open-source Traccar platform. In versions 9.7.19 and below, a single crafted deep link can silently hijack all GPS tracking parameters and redirect telemetry to an attacker-controlled server. The...
protobufjs: Denial of service through unbounded Any expansion during JSON conversion
Summary protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject conversion and the custom google.protobuf.Any JSON conversion path. A crafted protobuf binary payload containing deeply nested Any values could cause...
CVE-2026-4870 Qiskit SDK is vulnerable to specific functions may recurse too deeply and overflow the available stack space, when encountering certain classical expressions.
IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser...
USN-8420-1 dotnet8, dotnet9, dotnet10 vulnerabilities
It was discovered that .NET did not properly handle link resolution before file access. A local attacker could use this issue to perform unauthorized file tampering and write arbitrary files outside of the intended extraction directory. CVE-2026-45491 It was discovered that .NET did not properly...
CVE-2026-46373
Affected software: SQLFluff (SQL linter/formatter) with parsers for multiple dialects. Vulnerability: In versions before 4.1.0, an untrusted user can submit deeply nested SQL queries that trigger a Denial of Service through resource exhaustion when parsed. Root cause: recursive/stack-based parsin...
CVE-2026-11466
A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...
On the Study of Biometric Spoofing Detection Using Deep Learning
Biometric systems are increasingly deployed in security applications; however, they remain vulnerable to spoofing attacks, in which attackers exploit counterfeit biometric data to gain unauthorized access. This research evaluates the effectiveness of state-of-the-art machine learning models,...
Important: Red Hat Security Advisory: unbound security update
An update for unbound is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
EUVD-2026-34997
A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...
The Chronicles of Radio Frequency Fingerprinting
Radio Frequency Fingerprinting RFF has evolved from an early idea for radar emitter identification into a broad research field for wireless device identification and spectrum monitoring for security. Rather than presenting a conventional literature survey, this work provides a critical historical...
CVE-2026-11466
A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...