Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

45 matches found

EUVD
EUVDadded 2026/05/22 5:27 p.m.10 views

EUVD-2026-30674

qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set...

6.3CVSS5.8AI score0.00044EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2026/05/22 5:27 p.m.12 views

qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set

Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...

6.3CVSS5.9AI score0.00044EPSS
Exploits0References4Affected Software1
Snyk
Snykadded 2026/05/17 1:28 a.m.4 views

NULL Pointer Dereference

Overview org.webjars.npm:qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to NULL Pointer Dereference in the stringify function, when processing arrays with the options arrayFormat: 'comma' and encodeValuesOnly: true...

6.9CVSS5.9AI score0.00044EPSS
Exploits0References2
NVD
NVDadded 2026/05/17 12:16 a.m.6 views

CVE-2026-8723

Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...

6.3CVSS0.00044EPSS
Exploits0References2
OSV
OSVadded 2026/05/17 12:16 a.m.1 views

DEBIAN-CVE-2026-8723

Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...

6.3CVSS5.9AI score0.00044EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/05/17 12:16 a.m.3 views

CVE-2026-8723

Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...

6.3CVSS5.9AI score0.00044EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/05/16 11:21 p.m.7 views

CVE-2026-8723

Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...

6.3CVSS5.9AI score0.00044EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2026/05/16 11:21 p.m.37 views

CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly

Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...

6.3CVSS0.00044EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/16 11:21 p.m.4 views

CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly

Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...

6.3CVSS5.9AI score0.00044EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/03/31 3:8 p.m.20 views

CVE-2026-34574 Parse Server: Session field immutability bypass via falsy-value guard

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...

5.3CVSS0.00035EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/03/29 7:41 a.m.0 views

CVE-2026-33996

A flaw was found in LibJWT, a C JSON Web Token Library. When parsing JSON Web Key JWK files for RSA-PSS, the library did not correctly handle cases where NULL values were encountered instead of expected string values. An attacker could exploit this vulnerability by providing a specially crafted J...

5.9CVSS5.8AI score0.00006EPSS
Exploits0References5
OSV
OSVadded 2026/03/27 11:17 p.m.1 views

DEBIAN-CVE-2026-33996

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

5.5CVSS5.4AI score0.00006EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/27 10:21 p.m.1 views

EUVD-2026-16899

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

5.8CVSS5.9AI score0.00006EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/03/27 10:21 p.m.1 views

CVE-2026-33996 LibJWT has NULL/bounds validation in JWK octet and RSA PSS parsing

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

5.8CVSS5.9AI score0.00006EPSS
Exploits0References2
AlpineLinux
AlpineLinuxadded 2026/03/27 10:21 p.m.1 views

CVE-2026-33996

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

5.8CVSS5.9AI score0.00006EPSS
Exploits0References2
OSV
OSVadded 2026/03/27 10:21 p.m.1 views

CVE-2026-33996 LibJWT has NULL/bounds validation in JWK octet and RSA PSS parsing

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

5.8CVSS5.9AI score0.00006EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/03/27 10:21 p.m.1 views

CVE-2026-33996

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

5.8CVSS5.9AI score0.00006EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologiesadded 2026/03/27 12:0 a.m.1 views

PT-2026-28589

Name of the Vulnerable Software and Affected Versions LibJWT versions 3.0.0 through 3.2.9 Description LibJWT, a C JSON Web Token Library, has an issue in the RSA-PSS JWK parsing functionality. Versions prior to 3.3.0 do not adequately validate JSON string values, specifically failing to protect...

5.8CVSS5.8AI score0.00006EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/03/08 1:44 a.m.1 views

CVE-2026-29788

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been...

8.4CVSS5.7AI score0.00034EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/01/07 9:29 a.m.4 views

CVE-2019-12408

It was discovered that the C++ implementation which underlies the R, Python and Ruby implementations of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow...

7.5CVSS6.7AI score0.02918EPSS
Exploits0References1
Rows per page
Query Builder