CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

46 matches found

RedHat Linux•added 2026/05/26 5:33 a.m.•7 views

ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection

A flaw was found in Ruby JSON. This vulnerability, a format string injection, allows a remote attacker to cause a denial of service DoS or disclose sensitive information. The flaw occurs when processing specially crafted user-supplied documents with the allowduplicatekey: false parsing option...

9.1CVSS6.3AI score0.00038EPSS

Exploits0References5

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: keys: Fixed the issue of linking a duplicate key to a keyring’s assocarray. When making a DNS query within the kernel using dnsquery, the request code can, in rare cases, create a duplicate index key in the assocarray of the...

6.1AI score0.00029EPSS

Exploits0References2

SUSE CVE•added 2026/03/24 12:24 a.m.•3 views

SUSE CVE-2026-33210

Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...

9.1CVSS5.8AI score0.00038EPSS

Exploits0References3

RedhatCVE•added 2026/03/23 10:53 a.m.•4 views

CVE-2026-33210

8.3CVSS5.8AI score0.00038EPSS

Exploits0References4

Veracode•added 2026/03/21 5:27 a.m.•5 views

Format String Injection

Ruby JSON is vulnerable to Format String Injection. The vulnerability is due to a format string injection vulnerability, where the allowduplicatekey: false parsing option is used to parse user supplied documents and can lead to denial of service attacks or information disclosure...

9.1CVSS5.9AI score0.00038EPSS

Exploits0References2Affected Software2

NVD•added 2026/03/20 11:16 p.m.•6 views

CVE-2026-33210

9.1CVSS0.00038EPSS

Exploits0References1

OSV•added 2026/03/20 11:16 p.m.•2 views

DEBIAN-CVE-2026-33210

9.1CVSS6AI score0.00038EPSS

Exploits0References1

OSV•added 2026/03/20 11:16 p.m.•2 views

UBUNTU-CVE-2026-33210

9.1CVSS5.8AI score0.00038EPSS

Exploits0References3

UbuntuCve•added 2026/03/20 11:16 p.m.•2 views

CVE-2026-33210

9.1CVSS5.8AI score0.00038EPSS

Exploits0References2

ATTACKERKB•added 2026/03/20 10:57 p.m.•2 views

CVE-2026-33210

8.3CVSS5.7AI score0.00038EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/03/20 10:57 p.m.•22 views

CVE-2026-33210 Ruby JSON has a format string injection vulnerability

8.3CVSS0.00038EPSS

Exploits0References1

CVE•added 2026/03/20 10:57 p.m.•16 views

CVE-2026-33210

The connected advisory (GHSA-3M6G-2423-7CP3) describes a format string injection vulnerability in Ruby JSON that can cause denial of service or information disclosure when parsing documents with allow_duplicate_key: false. This option is not the default, so impact depends on opting in. The issue ...

9.1CVSS5.7AI score0.00038EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/03/20 10:57 p.m.•2 views

CVE-2026-33210 Ruby JSON has a format string injection vulnerability

8.3CVSS5.7AI score0.00038EPSS

Exploits0References1

OSV•added 2026/03/20 10:57 p.m.•2 views

CVE-2026-33210 Ruby JSON has a format string injection vulnerability

8.3CVSS5.8AI score0.00038EPSS

Exploits0References3

Debian CVE•added 2026/03/20 10:57 p.m.•3 views

CVE-2026-33210

9.1CVSS6AI score0.00038EPSS

Exploits0

CNNVD•added 2026/03/20 12:0 a.m.•3 views

JSON implementation for Ruby 格式化字符串错误漏洞

JSON Implementation for Ruby is a open-source Ruby implementation of JSON. There were formatting string error vulnerabilities in versions prior to Ruby 2.15.2.1, Ruby 2.17.1.2, and Ruby 2.19.2. These vulnerabilities stem from format string injection when using the allowduplicatekey: false parsing...

9.1CVSS6.4AI score0.00038EPSS

Exploits0References3

CNNVD•added 2026/03/20 12:0 a.m.•2 views

Tillitis TKey Client package 安全漏洞

The Tillitis TKey Client package is an open-source client library in Go language developed by Tillitis AB, designed for controlling hardware security keys. Versions of the Tillitis TKey Client package prior to 1.2.0 contained security vulnerabilities. These vulnerabilities were caused by buffer...

4.7CVSS6.5AI score0.00008EPSS

Exploits1References3

Github Security Blog•added 2026/03/19 12:45 p.m.•4 views

Ruby JSON has a format string injection vulnerability

Impact A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user supplied documents. This option isn't the default, if you didn't opt-in to use it, you are not impacted...

9.1CVSS5.8AI score0.00038EPSS

Exploits0References4Affected Software1

RubySec•added 2026/03/19 12:0 a.m.•9 views

Ruby JSON has a format string injection vulnerability

9.1CVSS5.8AI score0.00038EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/03/19 12:0 a.m.•0 views

PT-2026-26298

Name of the Vulnerable Software and Affected Versions Ruby JSON versions 2.14.0 through 2.15.2 Ruby JSON versions 2.17.1 through 2.17.1.2 Ruby JSON versions 2.19.0 through 2.19.2 Description Ruby JSON is a JSON implementation for Ruby. A format string injection issue exists when the allow duplica...

9.8CVSS5.8AI score0.00324EPSS

Exploits2References87

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by