
108 matches found

OSV
added 6 days ago, 5 views

ROOT-OS-DEBIAN-11-CVE-2024-42230: CVE-2024-42230 in rootio-linux - Patched by Root

Root has patched CVE-2024-42230 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

CVSS 4.4 | AI score 6.8 | EPSS 0.00205
Exploits: 0

Tenable Nessus
added 2026/05/29 12:00 a.m., 7 views

RockyLinux 10 : jq (RLSA-2026:19151)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19151 advisory. jq: out-of-bounds read in jv_parse_sized on error formatting for non-NUL-terminated buffers (CVE-2026-39979) jq: jq: Denial of Service via crafted JSON...

CVSS 7.5 | AI score 5.8 | EPSS 0.00314
Exploits: 1 | References: 5

RedHat Linux
added 2026/05/18 12:16 p.m., 15 views

Important: Red Hat Security Advisory: jq security update

An update for jq is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...

CVSS 7.5 | AI score 5.8 | EPSS 0.00314
Exploits: 1 | References: 3

Tenable Nessus
added 2026/05/14 12:00 a.m., 5 views

RockyLinux 10 : jq (RLSA-2026:16692)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:16692 advisory. jq: out-of-bounds read in jv_parse_sized on error formatting for non-NUL-terminated buffers (CVE-2026-39979) jq: jq: Denial of Service via crafted JSON...

CVSS 7.5 | AI score 5.8 | EPSS 0.00314
Exploits: 1 | References: 5

Cvelist
added 2026/05/07 10:00 p.m., 42 views

CVE-2026-8114 JeecgBoot JSON Object loadTreeData sql injection

A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The explo...

CVSS 6.5 | EPSS 0.00196
Exploits: 0 | References: 5

CVE
added 2026/05/07 10:00 p.m., 17 views

CVE-2026-8114

CVE-2026-8114 affects JeecgBoot up to 3.9.1, targeting the file path /sys/dict/loadTreeData in the JSON Object Handler. The vulnerability stems from manipulation of an input argument in that function, enabling SQL injection. The issue is remote in nature, with a publicly available exploit noted i...

CVSS 6.5 | AI score 6.4 | EPSS 0.00196
Exploits: 0 | References: 5

Vulnrichment
added 2026/05/07 10:00 p.m., 6 views

CVE-2026-8114 JeecgBoot JSON Object loadTreeData sql injection

A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The explo...

CVSS 6.5 | AI score 6.4 | EPSS 0.00196
Exploits: 0 | References: 5

OSV
added 2026/01/30 10:15 p.m., 2 views

CVE-2025-36366

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSONObject scalar function, which may trigger an unhandled exception leading to abnormal server termination...

CVSS 6.5 | AI score 6.5 | EPSS 0.00355
Exploits: 0 | References: 1

OSV
added 2026/01/30 10:15 p.m., 4 views

UBUNTU-CVE-2025-36366

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSONObject scalar function, which may trigger an unhandled exception leading to abnormal server termination...

CVSS 6.5 | AI score 5.8 | EPSS 0.00355
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/20 12:00 a.m., 9 views

MiracleLinux 9 : dotnet6.0-6.0.113-1.el9.ML.1 (AXSA:2023-4989:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4989:05 advisory. dotnet: Parsing an empty HTTP response as a JSON.NET JObject causes a stack overflow and crashes a process (CVE-2023-21538) Tenable has extracted the preceding...

CVSS 7.5 | AI score 5.7 | EPSS 0.0274
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:00 a.m., 4 views

MiracleLinux 8 : ruby:2.5 (AXSA:2021-2345:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2345:01 advisory. ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845) ruby: Regular expression denial of service vulnerability of...

CVSS 8.1 | AI score 8.2 | EPSS 0.06811
Exploits: 2 | References: 9

RedhatCVE
added 2026/01/09 8:42 a.m., 30 views

CVE-2022-31018

Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in versions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the Form#bindFromRequest method on a JSON request body or the...

CVSS 7.5 | AI score 6.7 | EPSS 0.01573
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2014-0016

Malware in sbrugna...

CVSS 4.3 | AI score 6.1 | EPSS 0.02392
Exploits: 1 | References: 15

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-20990

Malware in sbrugna...

CVSS 9.8 | AI score 8.2 | EPSS 0.02545
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2016-3296

Malware in sbrugna...

CVSS 5.3 | AI score 5.5 | EPSS 0.02687
Exploits: 2 | References: 7

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-16284

Malware in sbrugna...

CVSS 9 | AI score 8.8 | EPSS 0.02296
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:07 p.m., 14 views

EUVD-2025-21099

Malicious code in bioql PyPI...

CVSS 5.8 | AI score 7.2 | EPSS 0.00806
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-7394

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.4 | EPSS 0.00615
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2024-0938

Malicious code in bioql PyPI...

CVSS 4.9 | AI score 6.2 | EPSS 0.02085
Exploits: 0 | References: 15

Github Security Blog
added 2025/08/01 6:15 p.m., 8 views

OpenSearch unauthorized data access on fields protected by field level security if field is a member of an object

Impact: OpenSearch versions 2.19.2 and earlier improperly apply Field Level Security (FLS) rules on fields which are not at the top level of the source document tree, i.e., which are members of a JSON object. If an FLS exclusion rule like object is applied to an object valued attribute in a source...

AI score 7
Exploits: 0 | References: 2 | Affected Software: 1