Lucene search
K

2329 matches found

CVE
CVE
added 1 hour ago4 views

CVE-2026-58263

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/ carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event...

7.2CVSS
Exploits0References1
NVD
NVD
added 21 hours ago4 views

CVE-2026-54898

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday7 views

CVE-2026-54898 Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1CVSS
Exploits0References1
CVE
CVE
added yesterday20 views

CVE-2026-54898

CVE-2026-54898 (Oj gem) affects the Ruby JSON parser Oj in versions before 3.17.2. The vulnerability occurs when a SAJ/SAJ2 callback mutates the input string during parsing, causing the C engine’s raw pointer into Ruby’s string buffer to become dangling and resulting in a heap use-after-free on t...

2.1CVSS5.9AI score
Exploits0References1
OSV
OSV
added 5 days ago2 views

GHSA-JFC7-64V2-MR8C @sigstore/core has DSSE payloadType type-binding failure

Impact The preAuthEncoding function in @sigstore/core uses Node.js 'ascii' encoding when converting the PAE Pre-Authentication Encoding string to bytes. This allows payloadType to be mutated after signing without invalidating the signature, breaking the type-binding guarantee that DSSE is designe...

5.4CVSS5.8AI score
Exploits0References2
OSV
OSV
added 6 days ago3 views

GO-2026-5374 Kyverno Controller Denial of Service via forEach Mutation Panic in github.com/kyverno/kyverno

Kyverno Controller Denial of Service via forEach Mutation Panic in github.com/kyverno/kyverno...

7.7CVSS5.9AI score0.00369EPSS
Exploits1References4
CVE
CVE
added 2026/06/23 5:16 p.m.7 views

CVE-2026-49983

Summary of CVE-2026-49983 details (Deno): Deno’s process.loadEnvFile() incorrectly bypasses env permission checks. It only verifies read permission on the dotenv file and then writes all keys from the file into process.env, even if env access is denied. This means that with --allow-read and a wri...

5.2CVSS5.9AI score0.00098EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/19 7:36 p.m.4 views

GHSA-Q2GM-54R6-8FWM Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation

Summary Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby string's internal buffer. If a callback e.g. hashstart resizes the string — for example by calling...

8.7CVSS6.1AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.11 views

Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation

Summary Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby string's internal buffer. If a callback e.g. hashstart resizes the string — for example by calling...

2.1CVSS6.1AI score
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/19 7:36 p.m.5 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the parse function. An attacker can cause memory corruption by mutating the input JSON string during parsing callbacks, which leads to the parser accessing freed memory. Remediation Upgrade oj to version 3.17.3 or...

9.1CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/06/19 7:16 p.m.8 views

CVE-2026-49291

mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at /mcp requires only OAuth read scope for all requests, then dispatches tools/call directly to handlers that include mutating tools. A read-only OAuth client can call...

8.1CVSS0.00264EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 5:59 p.m.19 views

CVE-2026-49291

mcp-memory-service (semantic memory layer for AI apps) exposed the HTTP MCP JSON-RPC endpoint at /mcp such that OAuth read scope allowed mutating actions. Before patch 10.65.3, a read-only OAuth client could invoke tools/call to reach store_memory and delete_memory, bypassing REST write scope che...

8.1CVSS5.9AI score0.00264EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Firefox

A hashtable in the Ion Engine could have been mutated while there was a live internal reference, resulting in a potential use-after-free and exploitable crash. This vulnerability affects Firefox versions less than 118...

9.8CVSS7.3AI score0.00812EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Firefox

It was possible to mutate a JavaScript object in such a way that the JIT compiler could crash while tracing it. This vulnerability affects Firefox versions less than 125...

7.5CVSS6.7AI score0.00567EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.9 views

PT-2026-51084

Name of the Vulnerable Software and Affected Versions oj gem affected versions not specified Description A heap use-after-free occurs in Oj::Parserparse when a SAJ/SAJ2 callback mutates the input JSON string during the parsing process. The C engine maintains a raw pointer to the Ruby string's...

8.7CVSS6AI score
Exploits0References5
RubySec
RubySec
added 2026/06/19 12:0 a.m.5 views

Oj - Use-After-Free in Oj::Parser SAJ Callback via Input Mutation

Summary Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby string's internal buffer. If a callback e.g. hashstart resizes the string — for example by calling...

2.1CVSS5.9AI score
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/06/15 7:59 p.m.8 views

Trust Boundary Violation

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Trust Boundary Violation through the mutation of data.allowedTags or data.allowedAttributes in hooks, which directly alters the global default sets used for...

6.1CVSS5.4AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 7:59 p.m.31 views

DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR`

Hook mutation of data.allowedTags / data.allowedAttributes permanently pollutes DEFAULTALLOWEDTAGS / DEFAULTALLOWEDATTR CWE: CWE-501 Trust Boundary Violation — hook-scoped mutation leaks to global default sets via CWE-693 Protection Mechanism Failure — the default allow-list is silently widened f...

5.6AI score
Exploits0References2Affected Software1
GithubExploit
GithubExploit
added 2026/06/13 7:10 a.m.94 views

Exploit for CVE-2026-41490

CVE-2026-41490 — SQL Injection in Dagster database I/O manager...

8.3CVSS6.2AI score0.00265EPSS
Exploits1
EUVD
EUVD
added 2026/06/13 12:34 a.m.9 views

EUVD-2026-36626

OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection logic to restore or present broader node authority than intended, potentially bypassing approval...

9.8CVSS5.2AI score0.00221EPSS
Exploits0References3
Rows per page
Query Builder