Lucene search
K

488 matches found

ATTACKERKB
ATTACKERKB
added last week8 views

CVE-2026-9563

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memo...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References6Affected Software1
CVE
CVE
added last week16 views

CVE-2026-9563

Eclipse Parsson JSON parser did not enforce a default maximum on parsed characters before 1.1.8, allowing DoS from attacker-controlled JSON via very large documents. The fixed version, Parsson 1.1.8, adds a configurable limit with a default of 15 million parser-consumed characters. Affected: Ecli...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References5
OSV
OSV
added 2026/07/01 6:47 p.m.3 views

GHSA-3CCM-4QQ2-5WRP Constrata's coordinator transit engine `ciphertextContainer.UnmarshalJSON` panics on attacker-controlled short ciphertexts

Summary ciphertextContainer.UnmarshalJSON decodes the third :-separated component of a vault:vX:base64... ciphertext and then unconditionally takes a 12-byte prefix slice for the AES-GCM nonce: c.nonce = fullCiphertext:aesGCMNonceSize. If the decoded blob is shorter than 12 bytes, the slice...

4.3CVSS5.7AI score
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/30 11:42 p.m.3 views

CVE-2026-54903

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in bufappendstring buf.h:61 converts the string length to a large negative sizet,...

6.3CVSS5.8AI score0.00253EPSS
Exploits0
NVD
NVD
added 2026/06/29 8:17 p.m.6 views

CVE-2026-53426

Allocation of Resources Without Limits or Throttling vulnerability in leandrocp MDEx allows Excessive Allocation. MDEx.parsedocument/2 accepts a :json, json source. In lib/mdex.ex, the private jsontonode/1 function passes the attacker-controlled nodetype value to Module.concat/1, which calls...

8.2CVSS0.00126EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/23 5:43 p.m.9 views

Budibase has nonymous NoSQL operator injection via published-app query templates

Summary enrichContext at packages/server/src/sdk/workspace/queries/queries.ts:121-138 substitutes parameter values into the raw JSON body of a query, then JSON.parses the result. The validator validateQueryInputs at packages/server/src/api/controllers/query/index.ts:61-71 rejects only Handlebars...

10CVSS5.9AI score0.00538EPSS
Exploits2References2Affected Software1
EUVD
EUVD
added 2026/06/19 12:31 a.m.8 views

EUVD-2026-37960

PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: headers, combined with Starlette's...

8.6CVSS5.8AI score0.00504EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.10 views

PT-2026-51089

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj is a JSON parser and Object marshaller for Ruby. The Oj.load function is susceptible to heap corruption when processing a JSON string exceeding 2 GB. An integer overflow occurs within the buf append...

8.7CVSS5.9AI score0.00253EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/10 9:18 p.m.9 views

EUVD-2026-36154

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "proto" member is an own enumerable property,...

7.5CVSS5.4AI score0.00422EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.12 views

Alibaba Cloud Linux 3 : 0115: jq (ALINUX3-SA-2026:0115)

The remote Alibaba Cloud Linux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0115 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-39979: A flaw was found in jq, a...

8.2CVSS5.9AI score0.00559EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.11 views

Atlassian Jira Service Management Data Center and Server 11.2.0 < 11.3.5 (JSDSERVER-16576)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16576 advisory. - jackson-core contains core low-level incremental streaming parser and generator abstractions used by...

8.7CVSS5.7AI score0.00552EPSS
Exploits0References2
OSV
OSV
added 2026/05/13 8:44 a.m.9 views

CLSA-2026-1778661840 skopeo: Fix of CVE-2024-24786

CVE-2024-24786: fix infinite loop in vendored google.golang.org/protobuf protojson.Unmarshal on malformed JSON by handling EOF in skipJSONValue and rejecting ObjectClose after a Name token in Decoder.Read...

7.5CVSS6.9AI score0.01262EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.9 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Exim vulnerabilities (USN-8228-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8228-1 advisory. It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possib...

9.8CVSS6.3AI score0.00373EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/29 12:28 p.m.24 views

Security Bulletin: Security vulnerability has been detected in IBM Security Verify Governance Identity Manager Adapters

Summary IBM Security Verify Governance Identity Manager Adapters use jackson-core-2.12.0.jar, which is affected by vulnerability WS-2026-0003 Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint default: 1000...

5.4AI score
Exploits0Affected Software1
Snyk
Snyk
added 2026/04/28 11:19 a.m.3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to improper bounds checking in the JSON parsing process. An attacker can cause the application to read memory outside the intended buffer by providing specially crafted JSON input. Remediation Upgrade thrift to...

9.1CVSS5.9AI score0.00967EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: jq (UTSA-2026-014279)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014279 advisory. jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass...

6.3CVSS5.6AI score0.00256EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.5 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : RapidJSON vulnerability (USN-8189-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8189-1 advisory. It was discovered that RapidJSON did not properly protect against integer overflows in certain instances when...

7.8CVSS5.8AI score0.00424EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.3 views

PT-2026-34238

facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, fio json parse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100% instead of returning...

8.7CVSS5.7AI score0.00294EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/14 12:16 a.m.6 views

CVE-2026-33948

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

6.3CVSS6AI score0.00256EPSS
Exploits1References5
EUVD
EUVD
added 2026/04/13 11:51 p.m.7 views

EUVD-2026-22158

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

6.3CVSS6AI score0.00256EPSS
Exploits1References2
Rows per page
Query Builder