51 matches found
Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (June 2026 - Part 2 of 2)
Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161...
CVE-2026-46284
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix early boot crash on parameters without '=' separator If hugepages, hugepagesz, or defaulthugepagesz are specified on the kernel command line without the '=' separator, early parameter parsing passes NULL to...
CVE-2026-8723
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
EUVD-2026-30674
qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set...
qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
NULL Pointer Dereference
Overview org.webjars.npm:qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to NULL Pointer Dereference in the stringify function, when processing arrays with the options arrayFormat: 'comma' and encodeValuesOnly: true...
DEBIAN-CVE-2026-8723
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
CVE-2026-8723
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
CVE-2026-8723
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
CVE-2026-8723
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
CVE-2026-34574 Parse Server: Session field immutability bypass via falsy-value guard
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...
CVE-2026-33996
A flaw was found in LibJWT, a C JSON Web Token Library. When parsing JSON Web Key JWK files for RSA-PSS, the library did not correctly handle cases where NULL values were encountered instead of expected string values. An attacker could exploit this vulnerability by providing a specially crafted J...
DEBIAN-CVE-2026-33996
LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...
EUVD-2026-16899
LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...
CVE-2026-33996
LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...
CVE-2026-33996
LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...
CVE-2026-33996 LibJWT has NULL/bounds validation in JWK octet and RSA PSS parsing
LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...