Lucene search
K

81 matches found

RedHat Linux
RedHat Linux
added 2026/07/02 11:34 p.m.2 views

github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input

A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service DoS by providing...

7.5CVSS6.1AI score0.0075EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/06/24 9:21 p.m.3 views

CVE-2026-47110 Tiptap for PHP < 2.1.1 DoS via Malformed href Attribute

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string, causing an unhandled TypeError in the Link::isAllowedUri functio...

7.1CVSS5.8AI score0.00305EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 9:21 p.m.19 views

CVE-2026-47110 Tiptap for PHP < 2.1.1 DoS via Malformed href Attribute

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string, causing an unhandled TypeError in the Link::isAllowedUri functio...

7.1CVSS0.00305EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 9:21 p.m.5 views

CVE-2026-47110 Tiptap for PHP < 2.1.1 DoS via Malformed href Attribute

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string, causing an unhandled TypeError in the Link::isAllowedUri functio...

7.1CVSS6AI score0.00305EPSS
Exploits0References7
OSV
OSV
added 2026/06/22 9:14 p.m.3 views

CVE-2026-48512 MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. These paths are in the JSON conversion component rather than normal typed MessagePack...

6.3CVSS5.9AI score0.00231EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.12 views

Alibaba Cloud Linux 3 : 0115: jq (ALINUX3-SA-2026:0115)

The remote Alibaba Cloud Linux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0115 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-39979: A flaw was found in jq, a...

8.2CVSS5.9AI score0.00559EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/05/19 10:19 p.m.12 views

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/18 12:48 p.m.13 views

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/18 12:10 p.m.9 views

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/18 12:6 p.m.10 views

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References6
CVE
CVE
added 2026/05/14 10:27 a.m.18 views

CVE-2026-8295

The CVE-2026-8295 issue affects simdjson’s document-builder API, specifically the string_builder::escape_and_append() path. An integer overflow can occur when processing very large input strings on platforms with limited size_t width (e.g., 32-bit builds), causing insufficient buffer allocation a...

6.9CVSS5.9AI score0.00279EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/12 4:7 p.m.8 views

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References6
OSV
OSV
added 2026/05/07 5:4 p.m.14 views

CLSA-2026-1778173472 exim: Fix of 2 CVEs

CVE-2026-40685: fix heap corruption when expanding malformed JSON - CVE-2026-40687: fix heap buffer overflow and infoleak in SPA authenticator...

9.8CVSS6.2AI score0.00373EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/05 3:9 p.m.9 views

CVE-2026-40685

A flaw was found in Exim. When JSON lookup is enabled, a remote attacker can send specially crafted malformed JSON in an untrusted header, leading to an out-of-bounds heap write. This issue, caused by an incorrect implementation of backslash skipping, can result in a denial of service...

9.8CVSS6AI score0.00321EPSS
Exploits0References2
CVE
CVE
added 2026/04/30 12:0 a.m.63 views

CVE-2026-40685

Exim before 4.99.2 is affected when JSON lookup is enabled. An out-of-bounds heap write can occur if a JSON operator encounters malformed JSON in an untrusted header, caused by an incorrect implementation of the JSON skipping logic. CVSS v3.1 metrics indicate a high-severity, remote-execution-lik...

9.8CVSS5.1AI score0.00321EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.4 views

CVE-2026-40685

In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping...

6.5CVSS5.8AI score0.00321EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/30 12:0 a.m.65 views

CVE-2026-40685

In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping...

6.5CVSS0.00321EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/04/30 12:0 a.m.5 views

CVE-2026-40685

In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping...

9.8CVSS5.8AI score0.00321EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.12 views

Amazon Linux 2023 : rclone (ALAS2023-2026-1607)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1607 advisory. crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir...

9.1CVSS7AI score0.01557EPSS
Exploits2References18
Amazon
Amazon
added 2026/04/30 12:0 a.m.15 views

Important: rclone

Issue Overview: crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was...

9.1CVSS6.7AI score0.01557EPSS
Exploits2
Rows per page
Query Builder