CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

RedhatCVE•added 2026/03/26 12:34 a.m.•1 views

CVE-2026-33228

A flaw was found in flatted, a JavaScript Object Notation JSON parser designed for handling circular data structures. A remote attacker can exploit this vulnerability by providing specially crafted JSON input. The parse function in flatted fails to properly validate string values used as array...

9.8CVSS6.2AI score0.0007EPSS

Exploits1References6

NVD•added 2026/03/20 11:16 p.m.•0 views

CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

9.8CVSS0.0007EPSS

Exploits1References3

OSV•added 2026/03/20 11:16 p.m.•2 views

UBUNTU-CVE-2026-33228

9.8CVSS6AI score0.0007EPSS

Exploits1References5

ATTACKERKB•added 2026/03/20 11:6 p.m.•2 views

CVE-2026-33228

9.3CVSS6AI score0.0007EPSS

Exploits1References4Affected Software1

UbuntuCve•added 2026/03/12 6:16 p.m.•2 views

CVE-2026-32141

flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...

7.5CVSS7.2AI score0.00022EPSS

Exploits1References1

OSV•added 2026/03/12 6:8 p.m.•1 views

CVE-2026-32141 flatted: Unbounded recursion DoS in parse() revive phase

7.5CVSS5.9AI score0.00022EPSS

Exploits1References5