Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

CVE
CVEadded 2026/05/11 8:53 p.m.10 views

CVE-2026-42600

Summary of the vulnerability (CVE-2026-42600) : MinIO’s ReadMultiple internode storage-REST endpoint is vulnerable to path traversal when processing a msgpack-encoded ReadMultipleReq body. An attacker holding the cluster root JWT can craft a request to POST /minio/storage/{drivePath}/v63/rmpl wit...

6.9CVSS5.8AI score0.0002EPSS
Exploits0References1Affected Software1
OSV
OSVadded 2026/03/18 12:59 p.m.1 views

GHSA-H9Q6-HC68-35RP Denial of service in github.com/shamaton/msgpack

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

7.5CVSS5.9AI score0.00062EPSS
Exploits1References6
CVE
CVEadded 2026/03/16 8:10 p.m.10 views

CVE-2026-2454

Mattermost exposes a DoS vulnerability in the Calls plugin via malformed msgpack frames over WebSocket. Affected versions: 11.3.x ≤ 11.3.0, 11.2.x ≤ 11.2.2, 10.11.x ≤ 10.11.10. Root cause: incorrect handling of reported array lengths, enabling a malicious user to trigger OOM and crash the server....

8.6CVSS5.8AI score0.00127EPSS
Exploits0References1Affected Software1
Snyk
Snykadded 2026/03/05 9:11 p.m.2 views

Deserialization of Untrusted Data

Overview langgraph is a Building stateful, multi-actor applications with LLMs Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the msgpack-encoded checkpoints. An attacker can execute arbitrary code by supplying a crafted msgpack-encoded payload to the...

7.3CVSS6AI score0.00332EPSS
Exploits0References2
Snyk
Snykadded 2026/03/05 9:11 p.m.1 views

Deserialization of Untrusted Data

Overview langgraph-checkpoint is a library with base interfaces for LangGraph checkpoint savers. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the msgpack-encoded checkpoints. An attacker can execute arbitrary code by supplying a crafted msgpack-encoded...

7.3CVSS6AI score0.00332EPSS
Exploits0References2
EUVD
EUVDadded 2026/03/05 8:19 p.m.2 views

EUVD-2026-9860

LangGraph checkpoint loading has unsafe msgpack deserialization...

6.8CVSS5.9AI score0.00332EPSS
Exploits0References1
CNNVD
CNNVDadded 2023/12/28 12:0 a.m.1 views

msgpacker security vulnerability

msgpacker is a fast MessagePack NodeJS/JavaScript implementation. A security vulnerability exists in versions of msgpacker prior to 1.10.1, which stems from the fact that when decoding a user-supplied MessagePack message, an attacker can craft the message in such a way that the decoder triggers...

6.8CVSS6.7AI score0.00456EPSS
Exploits0References4
OSV
OSVadded 2023/04/11 6:15 p.m.6 views

CVE-2021-46878

An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flbpackmsgpacktojsonformat leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft file an...

7.8CVSS8.1AI score
Exploits0References2
Rows per page
Query Builder