Lucene search
K

138 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.6 views

Oracle Linux 9 : ruby:4.0 (ELSA-2026-20596)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20596 advisory. - Fix ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Resolves: RHEL-171258 - Fix JSON: Denial of Service or Information...

9.1CVSS6.9AI score0.01131EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 2:18 a.m.11 views

Malicious code in mongoose-json-format (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 910cc6eef707ac872daeb3a527e6dd9c75044ebb178f9eb48745f5cfd4123968 helpers.js defines a createLog helper that base64-decodes a constant HASHKEY to https://www.jsonkeeper.com/b/XVHGD an anonymous JSON-paste host and...

6AI score
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in protobuf

There is a denial-of-service DoS vulnerability in the google.protobuf.jsonformat.ParseDict function in Python. This vulnerability allows for bypassing the maximum recursion depth when parsing nested google.protobuf.Any messages. Due to the lack of recursion depth accounting within the internal...

8.2CVSS6.6AI score0.00613EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/23 9:23 p.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object...

6.9CVSS6AI score0.00345EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:17 p.m.4 views

Security Bulletin: Vulnerability in Ruby affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Ruby has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

9.1CVSS6.3AI score0.00838EPSS
Exploits0Affected Software2
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.12 views

cereal 安全漏洞

Cereal is an open-source C++11 serialization library developed by iLab at USC. It supports binary, XML, and JSON formats. Versions of Cereal 1.3.2 and earlier contain security vulnerabilities. These vulnerabilities stem from unknown functions in the Shared Pointer Handler component, which may lea...

7.5CVSS7.3AI score0.00313EPSS
Exploits0References7
CVE
CVE
added 2026/06/06 2:28 a.m.39 views

CVE-2026-8502

Technical details for CVE-2026-8502 are not provided in the connected documents; the available description notes exposure via c_status and return_type in LearnPress

5.3CVSS5.5AI score0.00353EPSS
Exploits0References14
OSV
OSV
added 2026/05/26 12:0 a.m.12 views

ALSA-2026:20596 Important: ruby:4.0 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary...

9.1CVSS6.7AI score0.01131EPSS
Exploits0References6
Fedora
Fedora
added 2026/04/24 12:55 a.m.10 views

[SECURITY] Fedora 43 Update: rpki-client-9.8-1.fc43

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure RPKI for Relying Parties RP to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...

5.4AI score
Exploits0
UbuntuCve
UbuntuCve
added 2026/04/13 10:16 p.m.6 views

CVE-2026-40169

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version 7.1.2-19...

6.2CVSS5.7AI score0.0018EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.7 views

TinaCMS 安全漏洞

TinaCMS is an open-source headless CMS developed by Tina for Markdown, MDX, and JSON formats. Versions of TinaCMS prior to 2.2.2 contained a security vulnerability. This vulnerability stemmed from string-based path validation in FilesystemBridge, which allowed operations on files outside of the...

8.8CVSS5.8AI score0.00372EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/03/06 4:36 p.m.5 views

python: protobuf: Protobuf: Denial of Service due to recursion depth bypass

A flaw was found in protobuf. A remote attacker can exploit this denial-of-service DoS vulnerability by supplying deeply nested google.protobuf.Any messages to the google.protobuf.jsonformat.ParseDict function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’...

8.2CVSS5.8AI score0.00613EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/02 12:0 a.m.3 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Protocol Buffers vulnerability (USN-8063-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8063-1 advisory. It was discovered that Protocol Buffers incorrectly handled recursion when the Python google.protobuf.jsonformat.ParseDict function is being...

8.2CVSS6AI score0.00613EPSS
Exploits0References2
OSV
OSV
added 2026/02/28 12:44 p.m.8 views

OESA-2026-1432 protobuf security update

Security Fixes: A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an...

8.2CVSS5.9AI score0.00613EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/27 12:0 a.m.6 views

SUSE SLED15 / SLES15 Security Update : protobuf (SUSE-SU-2026:0618-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0618-1 advisory. i - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173. Tenable...

8.2CVSS6AI score0.00613EPSS
Exploits0References4
OSV
OSV
added 2026/02/24 3:35 p.m.4 views

SUSE-SU-2026:0618-1 Security update for protobuf

This update for protobuf fixes the following issues:i - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...

8.2CVSS5.4AI score0.00613EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/02/23 4:22 p.m.3 views

python: protobuf: Protobuf: Denial of Service due to recursion depth bypass

A flaw was found in protobuf. A remote attacker can exploit this denial-of-service DoS vulnerability by supplying deeply nested google.protobuf.Any messages to the google.protobuf.jsonformat.ParseDict function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’...

8.2CVSS5.8AI score0.00613EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/23 4:2 p.m.3 views

python: protobuf: Protobuf: Denial of Service due to recursion depth bypass

A flaw was found in protobuf. A remote attacker can exploit this denial-of-service DoS vulnerability by supplying deeply nested google.protobuf.Any messages to the google.protobuf.jsonformat.ParseDict function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’...

8.2CVSS5.8AI score0.00613EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.7 views

SUSE SLES15 Security Update : protobuf (SUSE-SU-2026:0563-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0563-1 advisory. - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173. Tenable has extracted the...

8.2CVSS6.7AI score0.00613EPSS
Exploits0References4
OSV
OSV
added 2026/02/17 9:42 a.m.2 views

SUSE-SU-2026:20490-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...

8.2CVSS5.8AI score0.00613EPSS
Exploits0References3
Rows per page
Query Builder