CVE-2026-9787

CVE-2026-9787 affects Quest NetVault Backup, specifically the NVBULogDaemon component that processes JSON-RPC messages. The vulnerability stems from insufficient validation of user-supplied strings before they are used in system calls, enabling a remote attacker to execute code with SYSTEM privil...

CVE-2026-9785 Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

CVE-2026-40879

A flaw was found in Nest, a framework for building scalable Node.js server-side applications. A remote attacker can exploit this vulnerability by sending numerous small, valid JSON JavaScript Object Notation messages within a single TCP Transmission Control Protocol frame. This action causes the...

CVE-2026-40879

Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when an attacker sends many small, valid JSON messages in one TCP frame, handleData recurses once per message; the buffer shrinks each call. maxBufferSize is never reached; call stack overflows instead. ...

EUVD-2026-24479

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every connected client without sanitizing the msg or callback fields. On the client side, plugin/YPTSocket/script.js contains two eval...

CVE-2026-40879

Summary: Nest (Node.js) suffers a DoS via recursive handling of JSON frames over TCP. Before 11.1.19, handleData() recursed for each valid JSON message in a single frame, causing call stack growth and eventual RangeError when a ~47 KB payload is sent. This is fixed in 11.1.19. What’s affected: Th...

PT-2026-33230

Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when an attacker sends many small, valid JSON messages in one TCP frame, handleData recurses once per message; the buffer shrinks each call. maxBufferSize is never reached; call stack overflows instead. ...

PT-2026-22088

Name of the Vulnerable Software and Affected Versions Drupal Canvas versions prior to 1.1.1 Description A Server-Side Request Forgery SSRF issue exists in the Drupal Canvas module. The vulnerability is exposed when the hidden canvas ai submodule is enabled, typically through Drupal Recipes or...

EUVD-2026-5530

In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory...

EUVD-2018-15697

Malware in sbrugna...

EUVD-2025-7801

Malicious code in bioql PyPI...

StrongDM Client 安全漏洞

StrongDM Client is a client software from StrongDM, Inc. A security vulnerability exists in StrongDM Client that stems from improper handling of JSON formatted messages, which could result in modification of the system configuration...

CVE-2024-49364 tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require'buffer' is the NPM buffer package. The...

[SECURITY] Fedora 42 Update: syslog-ng-4.8.2-1.fc42

syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, databases SQL and NoSQL alike and more. Key features: receive and send RFC3164 and RFC5424 style syslog messages work with any kind of unstructured data receive and...

[SECURITY] Fedora 41 Update: syslog-ng-4.8.2-1.fc41

syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, databases SQL and NoSQL alike and more. Key features: receive and send RFC3164 and RFC5424 style syslog messages work with any kind of unstructured data receive and...

CVE-2025-27615

umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit...

GHSA-MGFG-7533-7JF6 ezsystems/ezplatform-http-cache affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...

iperf3: memory allocation hazard and crash

An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted sequence of bytes on the iperf3 control channel with a specified JSON message length of 0xffffffff to trigger an integer overflow...

iperf3: memory allocation hazard and crash

An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted sequence of bytes on the iperf3 control channel with a specified JSON message length of 0xffffffff to trigger an integer overflow...

iperf3: memory allocation hazard and crash

An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted sequence of bytes on the iperf3 control channel with a specified JSON message length of 0xffffffff to trigger an integer overflow...