144 matches found
CVE-2026-42527 Apache Camel: Permissive default ObjectInputFilter pattern admits java.net.** and enables DNS-based information disclosure
Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering 'java.;javax.;org.apache.camel.;!', or the no-'javax.' variant in the aggregation-repository component...
CVE-2026-45682 OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running...
OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals
Summary The custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running instrumented JVMs, repeated connection churn can therefore grow the queue without bound and exhaust heap memory. Details Th...
RUSTSEC-2026-0002 `IterMut` violates Stacked Borrows by invalidating internal pointer
Affected versions of this crate contain a soundness issue in the IterMut iterator implementation. The IterMut::next and IterMut::nextback methods temporarily create an exclusive reference to the key when dereferencing the internal node pointer. This invalidates the shared pointer held by the...
HSEC-2023-0001 Hash flooding vulnerability in aeson
Hash flooding vulnerability in aeson aeson was vulnerable to hash flooding a.k.a. hash DoS. The issue is a consequence of the HashMap implementation from unordered-containers. It results in a denial of service through CPU consumption. This technique has been used in real-world attacks against a...
EUVD-2014-3189
Malware in sbrugna...
EUVD-2025-18858
Malicious code in bioql PyPI...
EUVD-2025-13986
Malicious code in bioql PyPI...
EUVD-2023-27103
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-34867
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jerryscript 3.0 commit 05dbbd1 was discovered to contain an Assertion Failure via the ecmapropertyhashmapcreate at jerry-core/ecma/base/ecma-property-hashmap.c...
bpf: Fix kmemleak warning for percpu hashmap
...
Linux Distros Unpatched Vulnerability : CVE-2025-6490
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function...
Linux Distros Unpatched Vulnerability : CVE-2025-37807
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix kmemleak warning for percpu hashmap Vlad Poenaru reported the following kmemleak issue: unreferenced object 0x606fd7c44ac8 size 32: backtrace crc 0:...
SUSE CVE-2025-6490
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmapsetwithhash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approach...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the hashmapgetwithhash function in the gumbo-parser/src/hashmap.c file. An attacker can cause a crash or disrupt service by providing crafted input. Note: According to the maintainer of the package the cod...
CVE-2025-6494
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmapgetwithhash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be...
UBUNTU-CVE-2025-6494
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmapgetwithhash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be...
GHSA-PF9W-GVCF-GV7M sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow
Withdrawn Advisory This advisory has been withdrawn because the affected code was never included in a release. This link has been maintained to preserve external references. Original Description A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and...
UBUNTU-CVE-2025-6490
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmapsetwithhash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approach...
CVE-2025-6490 sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmapsetwithhash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approach...