Lucene search
K

532 matches found

CVE
CVE
added 2 days ago4 views

CVE-2026-59888

The CVE-2026-59888 issue affects Jackson Databind (Java Records) where, from 2.15.0 through 2.18.8, 2.21.4, and 3.1.4, a PropertyNamingStrategy can cause a bypass of @JsonIgnore. This occurs because POJOPropertiesCollector._removeUnwantedIgnorals() records an ignored component under its original ...

6.5CVSS6.1AI score0.00247EPSS
Exploits0References4
Fedora
Fedora
added 2026/07/08 1:11 a.m.9 views

[SECURITY] Fedora 43 Update: python-rignore-0.7.6-7.fc43

rignore is a Python module that provides a high-performance, Rust-powered file system traversal functionality. It wraps the Rust ignore crate using PyO3, offering an efficient way to walk through directories while respecting various ignore rules...

6AI score
Exploits0
Fedora
Fedora
added 2026/07/08 12:58 a.m.10 views

[SECURITY] Fedora 44 Update: python-rignore-0.7.6-7.fc44

rignore is a Python module that provides a high-performance, Rust-powered file system traversal functionality. It wraps the Rust ignore crate using PyO3, offering an efficient way to walk through directories while respecting various ignore rules...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/30 9:36 p.m.18 views

CVE-2026-54516

A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass security controls by exploiting an issue in how properties are handled when both @JsonProperty for renaming and @JsonIgnore for ignoring annotations are used. By supplying a specially crafted JSON key, an...

5.3CVSS5.7AI score0.00282EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/26 10:55 p.m.7 views

EUVD-2026-39494

pnpm: Transitive dependency alias path traversal allows project path override via symlink replacement...

8.8CVSS5.8AI score0.00326EPSS
Exploits1References2
CVE
CVE
added 2026/06/25 8:11 p.m.16 views

CVE-2026-6681

CVE-2026-6681 describes a buffer overflow in wolfSSL up to 5.9.0 caused by the PKCS#7 decode path ignoring the caller-supplied output buffer size (outputSz). Decoded data can be written past the provided buffer, potentially affecting confidentiality and integrity. The issue is fixed in wolfSSL 5....

5.3CVSS6AI score0.00256EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/25 7:28 p.m.8 views

CVE-2026-42055

A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...

9.2CVSS6.5AI score0.03552EPSS
Exploits1References4
NVD
NVD
added 2026/06/25 6:16 p.m.10 views

CVE-2026-50016

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses that alias as a filesystem path when linking dependency nodes. As a result, a registry package can...

8.8CVSS0.00326EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/25 4:53 p.m.33 views

CVE-2026-50016 pnpm: Transitive dependency alias path traversal allows project path override via symlink replacement

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses that alias as a filesystem path when linking dependency nodes. As a result, a registry package can...

8.8CVSS0.00326EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52515

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description pnpm allows a transitive dependency alias within registry package metadata to include path traversal segments. During the installation process, pnpm utilizes this alias a...

8.8CVSS5.8AI score0.00326EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2026/06/23 9:24 p.m.8 views

jackson-databind's renamed @JsonIgnore'd setters can deserialize via private fields

Summary POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed rather than dropped. With MapperFeature.INFERPROPERTYMUTATORS enabled default, the private backing field is retained; during deserialization...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2026/06/23 9:23 p.m.6 views

GHSA-5JMJ-H7XM-6Q6V jackson-databind has case-insensitive deserialization bypasses per-property @JsonIgnoreProperties

Summary In BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a contextual deserializer whose BeanPropertyMap has the ignored properties removed. The subsequent per-property case-insensitivity block triggered by...

5.3CVSS5.8AI score0.00345EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/23 9:23 p.m.9 views

jackson-databind has case-insensitive deserialization bypasses per-property @JsonIgnoreProperties

Summary In BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a contextual deserializer whose BeanPropertyMap has the ignored properties removed. The subsequent per-property case-insensitivity block triggered by...

5.3CVSS5.8AI score0.00345EPSS
Exploits0References6Affected Software2
Snyk
Snyk
added 2026/06/23 9:23 p.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object...

6.9CVSS6AI score0.00345EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 9:17 p.m.5 views

DEBIAN-CVE-2026-54515

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a...

5.3CVSS5.8AI score0.00345EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 9:17 p.m.10 views

CVE-2026-54516

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...

5.3CVSS0.00282EPSS
Exploits0References5
OSV
OSV
added 2026/06/23 9:17 p.m.4 views

DEBIAN-CVE-2026-54516

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 9:17 p.m.5 views

UBUNTU-CVE-2026-54516

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2026/06/23 8:50 p.m.9 views

CVE-2026-54515

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a...

5.3CVSS5.8AI score0.00345EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:50 p.m.8 views

CVE-2026-54515

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a...

5.3CVSS5.8AI score0.00345EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder