
8 matches found

BDU FSTEC
added 2025/06/13 12:0 a.m., 1 view

Vulnerability in the jv_string_vfmt function of the functional programming language jq that allows an attacker to cause a denial of service

The vulnerability in the jv_string_vfmt function of the jq programming language is related to accessing a resource using an incompatible type. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS: 7.8 | AI score: 6.6 | EPSS: 0.00588
Exploits: 1 | References: 8 | Affected Software: 4
SUSE CVE
added 2025/06/06 2:14 a.m., 2 views

SUSE CVE-2025-48060

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function jv_string_vfmt in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456: void* p = malloc(sz);. As of time of publication, no patched versions are...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00588
Exploits: 1 | References: 8
OSV
added 2025/05/21 6:15 p.m., 4 views

AZL-61974 CVE-2025-48060 affecting package jq for versions less than 1.6-4

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function jv_string_vfmt in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456: void* p = malloc(sz);. As of time of publication, no patched versions are...

CVSS: 8.7 | AI score: 6.6 | EPSS: 0.00588
Exploits: 1 | References: 1
OSV
added 2025/05/21 6:15 p.m., 4 views

ALPINE-CVE-2025-48060

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function jv_string_vfmt in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456: void* p = malloc(sz);. As of time of publication, no patched versions are...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00588
Exploits: 1 | References: 1
CVE
added 2025/05/21 5:32 p.m., 167 views

CVE-2025-48060

CVE-2025-48060 affects jq up to version 1.7.1, where a heap-buffer-overflow in the jv_string_vfmt path can crash the process when formatting strings (OSS-Fuzz harness). The issue is triggered in jq_fuzz_execute and references malloc in jv.c. As of publication, no patch existed in the initial desc...

CVSS: 8.7 | AI score: 6.5 | EPSS: 0.00588
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2025/05/14 12:3 a.m., 4 views

OSV-2025-363 Heap-buffer-overflow in jv_string_vfmt

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=417323384
Crash type: Heap-buffer-overflow READ 2
Crash state: jv_string_vfmt jv_string_fmt jv_get...

AI score: 7.2
Exploits: 0 | References: 1
OSV
added 2024/11/15 12:16 a.m., 5 views

OSV-2024-1312 Heap-buffer-overflow in jv_string_vfmt

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=378836890
Crash type: Heap-buffer-overflow READ 13
Crash state: jv_string_vfmt jv_string_fmt jv_parse_sized_custom_flags...

AI score: 7.2
Exploits: 0 | References: 1
OSV
added 2023/12/22 12:11 a.m., 5 views

OSV-2023-1344 Heap-buffer-overflow in jv_string_vfmt

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65198
Crash type: Heap-buffer-overflow READ 2
Crash state: jv_string_vfmt jv_string_fmt jv_get...

AI score: 7.2
Exploits: 0 | References: 1