CVE-2026-11800

CVE-2026-11800 concerns Keycloak services and describes a JWT algorithm confusion vulnerability in the JWT Authorization Grant flow. The issue allows an attacker with valid client credentials to bypass signature verification by forging an assertion, enabling creation of unauthorized access tokens...

CVE-2026-11800

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to...

CVE-2026-12473 OHIF Viewers DICOM Server-Side request forgery

Two data sources DICOMWebProxy and DICOMJSON shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the...

CVE-2026-57522

Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens, which substitutes user-controlled values into event-integration templates without JSON encoding. When an organization has configured an event integration whose template referenc...

EUVD-2026-38384

MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement...

CVE-2026-57522

Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens, which substitutes user-controlled values into event-integration templates without JSON encoding. When an organization has configured an event integration whose template referenc...

EUVD-2026-39543

Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens, which substitutes user-controlled values into event-integration templates without JSON encoding. When an organization has configured an event integration whose template referenc...

CVE-2026-57522 Bitwarden Server < 2026.5.0 JSON Injection via Webhook Templates

Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens, which substitutes user-controlled values into event-integration templates without JSON encoding. When an organization has configured an event integration whose template referenc...

CVE-2026-57522

CVE-2026-57522 affects Bitwarden Server prior to 2026.5.0. The vulnerability is a JSON injection in IntegrationTemplateProcessor.ReplaceTokens(), which inserts user-controlled values into event-integration templates without JSON encoding. If an organization uses an event integration whose templat...

CVE-2026-54679

jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2...

CVE-2026-47770

The CVE-2026-47770 issue affects jq (the JSON processor) where comparing deeply nested arrays with the == operator can cause stack exhaustion via recursive structural comparison in src/jv.c (jvp_array_equal, jv_equal) and overflow in jv_cmp in src/jv_aux.c. This leads to a denial of service on at...

CVE-2026-47770

jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack exhaustion uncontrolled recursion. The crash occurs in jq's recursive...

CVE-2026-54679

jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2...

ROOT-APP-MAVEN-CVE-2022-45688 CVE-2022-45688 in io.root.org.json:json - Patched by Root

Root has patched CVE-2022-45688 in the io.root.org.json:json package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2023-5072 CVE-2023-5072 in io.root.org.json:json - Patched by Root

Root has patched CVE-2023-5072 in the io.root.org.json:json package for Root:Maven. Multiple fixed versions available...

Ollama - Remote Code Execution

Ollama before 0.1.34 does not validate the format of the digest sha256 with 64 hex digits when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring. id: CVE-2024-37032 info: name: Ollama ...

Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keysfor 'roles' used for access control within the database, including the special case 'admin' role, th...

EUVD-2026-39148

Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

EUVD-2026-39100

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string, causing an unhandled TypeError in the Link::isAllowedUri functio...

CVE-2026-9782

Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...