Lucene search
K

32 matches found

CVE
CVE
added 2026/06/30 11:3 p.m.23 views

CVE-2026-54899

Oj (Optimized JSON) is a Ruby gem for JSON parsing/marshalling. Prior to 3.17.2, disabling symbol_keys on a reused Oj::Parser can cause a heap use-after-free when toggling symbol_keys from true to false: opt_symbol_keys_set frees the internal key cache but does not clear the pointer, so the next ...

6.3CVSS5.7AI score0.00428EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/19 7:34 p.m.7 views

Oj: Use-After-Free in Oj::Parser Symbol Key Cache Toggle

Summary Disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but does not clear the pointer. The next parse call reads from the freed cache via cacheintern,...

6.3CVSS5.9AI score0.00428EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 7:34 p.m.6 views

GHSA-2CW7-V8FF-P88R Oj: Use-After-Free in Oj::Parser Symbol Key Cache Toggle

Summary Disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but does not clear the pointer. The next parse call reads from the freed cache via cacheintern,...

8.7CVSS5.9AI score0.00428EPSS
Exploits0References2
RubySec
RubySec
added 2026/06/19 12:0 a.m.6 views

Oj - Use-After-Free in Oj::Parser Symbol Key Cache Toggle

Summary Disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but does not clear the pointer. The next parse call reads from the freed cache via cacheintern,...

6.3CVSS5.8AI score0.00428EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/17 11:17 p.m.14 views

CVE-2026-50202

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Security.Authentication.CloudFoundryBase prior to version 3.4.0, Steeltoe.Security.Authentication.JwtBearer prior to version 4.2.0, and...

5.9CVSS0.0029EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 9:53 p.m.25 views

CVE-2026-50202

Summary: CVE-2026-50202 affects Steeltoe libraries: Steeltoe.Security.Authentication.CloudFoundryBase < 3.4.0, Steeltoe.Security.Authentication.JwtBearer < 4.2.0, and Steeltoe.Security.Authentication.OpenIdConnect

5.9CVSS5.3AI score0.0029EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50566

Name of the Vulnerable Software and Affected Versions Steeltoe.Security.Authentication.CloudFoundryBase versions prior to 3.4.0 Steeltoe.Security.Authentication.JwtBearer versions prior to 4.2.0 Steeltoe.Security.Authentication.OpenIdConnect versions prior to 4.2.0 Description The JWT signing key...

5.9CVSS5.8AI score0.0029EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.10 views

CVE-2026-47074

Improper Certificate Validation vulnerability in ex-aws exawssns ExAws.SNS, ExAws.SNS.PublicKeyCache modules allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/exaws/sns.ex, lib/exaws/sns/publickeycache.ex and program routines...

8.7CVSS5.5AI score0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44365

Name of the Vulnerable Software and Affected Versions ex aws sns versions 2.0.1 through 2.3.4 Description Improper Certificate Validation in the ExAws.SNS and ExAws.SNS.PublicKeyCache modules allows for signature spoofing. The function verify message fetches the signing certificate from the...

8.7CVSS5.8AI score0.00226EPSS
Exploits0References10
EUVD
EUVD
added 2026/04/24 3:59 p.m.7 views

EUVD-2026-23943

AWS Encryption SDK for Python: Key commitment policy bypass via shared key cache...

5.7CVSS5.1AI score0.00096EPSS
Exploits0References6
NVD
NVD
added 2026/04/20 8:16 p.m.8 views

CVE-2026-6550

Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be...

5.7CVSS0.00096EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/20 7:20 p.m.31 views

CVE-2026-6550 Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python

Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be...

5.7CVSS0.00096EPSS
Exploits0References4
CVE
CVE
added 2026/04/20 7:20 p.m.12 views

CVE-2026-6550

The vulnerability CVE-2026-6550 affects the AWS Encryption SDK for Python in its caching layer. A cryptographic downgrade in the key cache could allow an authenticated local actor to bypass key commitment policy enforcement, enabling ciphertext to be decrypted into multiple possible plaintexts. A...

5.7CVSS5.7AI score0.00096EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/20 7:20 p.m.7 views

CVE-2026-6550 Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python

Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be...

5.7CVSS5.7AI score0.00096EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.11 views

PT-2026-33829

Name of the Vulnerable Software and Affected Versions Amazon AWS Encryption SDK for Python versions prior to 3.3.1 Amazon AWS Encryption SDK for Python versions prior to 4.0.5 Description A cryptographic algorithm downgrade in the caching layer may allow an authenticated local threat actor to...

5.7CVSS5.7AI score0.00096EPSS
Exploits0References11
NVD
NVD
added 2026/03/31 3:15 a.m.4 views

CVE-2026-32714

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to...

9.8CVSS0.00492EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/26 10:4 p.m.3 views

CVE-2026-27838

wger is a free, open-source workout and fitness manager. Five routine detail action endpoints check a cache before calling self.getobject. In versions up to and including 2.4, ache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API...

3.5CVSS5.7AI score0.00245EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-4650

Malware in sbrugna...

4CVSS6.3AI score0.00769EPSS
Exploits0References4
OSV
OSV
added 2024/05/21 4:15 p.m.2 views

UBUNTU-CVE-2023-52851

In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF In the unlikely event that workqueue allocation fails and returns NULL in mlx5mkeycacheinit, delete the call to mlx5rumrresourcecleanup which frees th...

7.8CVSS5.7AI score0.00238EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/05/09 10:3 a.m.3 views

golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache...

5.3CVSS6.6AI score0.05623EPSS
Exploits0References9
Rows per page
Query Builder