
2472 matches found

Nuclei
added 6 hours ago | 43 views

Deep Sea Electronics DSE855 - Authentication Bypass

Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to...

CVSS 6.5 | AI score 6.4 | EPSS 0.02418
Exploits: 3 | References: 3

Cvelist
added 2 days ago | 20 views

CVE-2026-54592 Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doc#each_child, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in...

CVSS 7.5 | EPSS 0.00263
Exploits: 0 | References: 1

RedhatCVE
added last week | 4 views

CVE-2026-47770

A flaw was found in jq, a command-line JSON processor. This vulnerability allows a local user or an attacker providing malicious input to cause a denial of service (DoS) by comparing two sufficiently deeply nested arrays using the '==' operator. This action exhausts the C stack due to uncontrolled...

CVSS 6.8 | AI score 5.7 | EPSS 0.00111
Exploits: 1 | References: 4

AlpineLinux
added last week | 7 views

CVE-2026-47770

jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack exhaustion (uncontrolled recursion). The crash occurs in jq's recursive...

CVSS 6.8 | AI score 5.9 | EPSS 0.00111
Exploits: 1 | References: 1

CVE
added last week | 30 views

CVE-2026-47770

The CVE-2026-47770 issue affects jq (the JSON processor) where comparing deeply nested arrays with the == operator can cause stack exhaustion via recursive structural comparison in src/jv.c (jvp_array_equal, jv_equal) and overflow in jv_cmp in src/jv_aux.c. This leads to a denial of service on at...

CVSS 6.8 | AI score 5.9 | EPSS 0.00111
Exploits: 1 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/06/24 8:21 p.m. | 6 views

CVE-2026-54297

A flaw was found in Faraday, an HTTP client library. The Faraday::NestedParamsEncoder, which handles nested query parameters, does not limit the depth of nested query strings during decoding. A remote attacker can exploit this by sending a specially crafted query string, causing the application t...

CVSS 7.5 | AI score 5.8 | EPSS 0.00391
Exploits: 1 | References: 4

Snyk
added 2026/06/23 9:21 p.m. | 4 views

Allocation of Resources Without Limits or Throttling

Overview: com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00616
Exploits: 1 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 8 views

Astra Linux – Vulnerability in Poppler

Versions of Poppler from 24.06.1 through 25.x, prior to 25.04.0, allowed stack consumption and a SIGSEGV due to deeply nested structures within the metadata of a PDF document such as GTSPDFEVersion. This issue occurred in functions like Dict::lookup, Catalog::getMetadata, and related functions in...

CVSS 2.9 | AI score 7.6 | EPSS 0.00124
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in openexr

There is a flaw in OpenEXR’s deep tile sample size calculations in versions before 3.0.0-beta. An attacker who can submit a crafted file for processing by OpenEXR could trigger an integer overflow, resulting in an out-of-bounds read. The greatest risk of this flaw is to the application’s...

CVSS 5.5 | AI score 6.8 | EPSS 0.0096
Exploits: 0 | References: 2

NVD
added 2026/06/17 1:20 p.m. | 17 views

CVE-2026-48745

Traccar Client is a GPS tracking mobile app for sending location updates to private servers using the open-source Traccar platform. In versions 9.7.19 and below, a single crafted deep link can silently hijack all GPS tracking parameters and redirect telemetry to an attacker-controlled server. The...

CVSS 9.3 | EPSS 0.00323
Exploits: 0 | References: 2

Github Security Blog
added 2026/06/15 5:30 p.m. | 10 views

protobufjs: Denial of service through unbounded Any expansion during JSON conversion

Summary: protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject conversion and the custom google.protobuf.Any JSON conversion path. A crafted protobuf binary payload containing deeply nested Any values could cause...

CVSS 7.5 | AI score 5.2 | EPSS 0.00324
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/06/12 8:52 p.m. | 30 views

CVE-2026-4870 Qiskit SDK is vulnerable to specific functions may recurse too deeply and overflow the available stack space, when encountering certain classical expressions.

IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser...

CVSS 7.5 | EPSS 0.00268
Exploits: 0 | References: 1

OSV
added 2026/06/11 6:57 a.m. | 8 views

USN-8420-1 dotnet8, dotnet9, dotnet10 vulnerabilities

It was discovered that .NET did not properly handle link resolution before file access. A local attacker could use this issue to perform unauthorized file tampering and write arbitrary files outside of the intended extraction directory (CVE-2026-45491). It was discovered that .NET did not properly...

CVSS 7.5 | AI score 5.5 | EPSS 0.0243
Exploits: 0 | References: 3

CVE
added 2026/06/09 10:38 p.m. | 31 views

CVE-2026-46373

Affected software: SQLFluff (SQL linter/formatter) with parsers for multiple dialects. Vulnerability: In versions before 4.1.0, an untrusted user can submit deeply nested SQL queries that trigger a Denial of Service through resource exhaustion when parsed. Root cause: recursive/stack-based parsin...

CVSS 7.5 | AI score 5.5 | EPSS 0.00263
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/06/09 2:58 a.m. | 11 views

CVE-2026-11466

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...

CVSS 5.5 | AI score 5.6 | EPSS 0.00253
Exploits: 0 | References: 1

Packet Storm News
added 2026/06/09 12:00 a.m. | 13 views

On the Study of Biometric Spoofing Detection Using Deep Learning

Biometric systems are increasingly deployed in security applications; however, they remain vulnerable to spoofing attacks, in which attackers exploit counterfeit biometric data to gain unauthorized access. This research evaluates the effectiveness of state-of-the-art machine learning models,...

AI score 5.3
Exploits: 0

RedHat Linux
added 2026/06/08 10:49 a.m. | 12 views

Important: Red Hat Security Advisory: unbound security update

An update for unbound is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 10 | AI score 5.7 | EPSS 0.01272
Exploits: 0 | References: 4

EUVD
added 2026/06/08 12:30 a.m. | 8 views

EUVD-2026-34997

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...

CVSS 5.5 | AI score 5.2 | EPSS 0.00253
Exploits: 0 | References: 8

Packet Storm News
added 2026/06/08 12:00 a.m. | 10 views

The Chronicles of Radio Frequency Fingerprinting

Radio Frequency Fingerprinting (RFF) has evolved from an early idea for radar emitter identification into a broad research field for wireless device identification and spectrum monitoring for security. Rather than presenting a conventional literature survey, this work provides a critical historical...

AI score 5.6
Exploits: 0

NVD
added 2026/06/07 11:16 p.m. | 11 views

CVE-2026-11466

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...

CVSS 5.5 | EPSS 0.00253
Exploits: 0 | References: 7