2329 matches found
CVE-2026-58263
Jodit Editor is a WYSIWYG editor written in pure TypeScript with file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/ carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event...
CVE-2026-54898
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser#parse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...
CVE-2026-54898 Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser#parse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...
CVE-2026-54898
CVE-2026-54898 (Oj gem) affects the Ruby JSON parser Oj in versions before 3.17.2. The vulnerability occurs when a SAJ/SAJ2 callback mutates the input string during parsing, causing the C engine’s raw pointer into Ruby’s string buffer to become dangling and resulting in a heap use-after-free on t...
GHSA-JFC7-64V2-MR8C @sigstore/core has DSSE payloadType type-binding failure
Impact: The preAuthEncoding function in @sigstore/core uses Node.js 'ascii' encoding when converting the PAE (Pre-Authentication Encoding) string to bytes. This allows payloadType to be mutated after signing without invalidating the signature, breaking the type-binding guarantee that DSSE is designe...
GO-2026-5374 Kyverno Controller Denial of Service via forEach Mutation Panic in github.com/kyverno/kyverno
Kyverno Controller Denial of Service via forEach Mutation Panic in github.com/kyverno/kyverno...
CVE-2026-49983
Summary of CVE-2026-49983 details (Deno): Deno’s process.loadEnvFile() incorrectly bypasses env permission checks. It only verifies read permission on the dotenv file and then writes all keys from the file into process.env, even if env access is denied. This means that with --allow-read and a wri...
GHSA-Q2GM-54R6-8FWM Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation
Summary: Oj::Parser#parse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby string's internal buffer. If a callback (e.g. hash_start) resizes the string — for example by calling...
Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation
Summary: Oj::Parser#parse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby string's internal buffer. If a callback (e.g. hash_start) resizes the string — for example by calling...
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free in the parse function. An attacker can cause memory corruption by mutating the input JSON string during parsing callbacks, which leads to the parser accessing freed memory. Remediation: Upgrade oj to version 3.17.3 or...
CVE-2026-49291
mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at /mcp requires only OAuth read scope for all requests, then dispatches tools/call directly to handlers that include mutating tools. A read-only OAuth client can call...
CVE-2026-49291
mcp-memory-service (semantic memory layer for AI apps) exposed the HTTP MCP JSON-RPC endpoint at /mcp such that OAuth read scope allowed mutating actions. Before patch 10.65.3, a read-only OAuth client could invoke tools/call to reach store_memory and delete_memory, bypassing REST write scope che...
Astra Linux – Vulnerability in Firefox
A hashtable in the Ion Engine could have been mutated while there was a live internal reference, resulting in a potential use-after-free and exploitable crash. This vulnerability affects Firefox versions less than 118...
Astra Linux – Vulnerability in Firefox
It was possible to mutate a JavaScript object in such a way that the JIT compiler could crash while tracing it. This vulnerability affects Firefox versions less than 125...
PT-2026-51084
Name of the Vulnerable Software and Affected Versions: oj gem (affected versions not specified). Description: A heap use-after-free occurs in Oj::Parser#parse when a SAJ/SAJ2 callback mutates the input JSON string during the parsing process. The C engine maintains a raw pointer to the Ruby string's...
Oj - Use-After-Free in Oj::Parser SAJ Callback via Input Mutation
Summary: Oj::Parser#parse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby string's internal buffer. If a callback (e.g. hash_start) resizes the string — for example by calling...
Trust Boundary Violation
Overview: org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Trust Boundary Violation through the mutation of data.allowedTags or data.allowedAttributes in hooks, which directly alters the global default sets used for...
DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR`
Hook mutation of data.allowedTags / data.allowedAttributes permanently pollutes DEFAULT_ALLOWED_TAGS / DEFAULT_ALLOWED_ATTR CWE: CWE-501 Trust Boundary Violation — hook-scoped mutation leaks to global default sets via CWE-693 Protection Mechanism Failure — the default allow-list is silently widened f...
Exploit for CVE-2026-41490
CVE-2026-41490 — SQL Injection in Dagster database I/O manager...
EUVD-2026-36626
OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection logic to restore or present broader node authority than intended, potentially bypassing approval...