Lucene search
+L

634 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago13 views

Malicious code in pure-folder-three (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e83bf74d7c84c48a1a478d7bb40bbd899c4fda613f1512b66184d3de478b480 [email protected] executes attacker-controlled shell commands on install and on import. The postinstall entry src/build.js decodes an obfuscate...

6.3AI score
Exploits0References2
Fedora
Fedora
added 2026/07/11 12:55 a.m.7 views

[SECURITY] Fedora 43 Update: perl-HTML-Gumbo-0.19-1.fc43

Gumbo is an implementation of the HTML5 parsing algorithm implemented as a pure C99 library with no outside dependencies...

9.8CVSS6.1AI score0.00663EPSS
Exploits0
NVD
NVD
added 2026/07/06 2:16 a.m.8 views

CVE-2026-14803

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6.5CVSS0.0033EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 2:16 a.m.4 views

DEBIAN-CVE-2026-14803

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6.5CVSS6AI score0.0033EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 2:16 a.m.4 views

UBUNTU-CVE-2026-14803

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6.5CVSS6AI score0.0033EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/06 1:34 a.m.9 views

EUVD-2026-41798

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6.5CVSS6AI score0.0033EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 1:34 a.m.8 views

CVE-2026-14803

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6AI score0.0033EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/06 1:34 a.m.5 views

CVE-2026-14803

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6.5CVSS6AI score0.0033EPSS
Exploits0
CVE
CVE
added 2026/07/06 1:34 a.m.22 views

CVE-2026-14803

Mojo::JSON prior to version 9.47 is vulnerable to memory exhaustion due to unbounded recursion in the pure-Perl JSON decoder (_decode_value -> _decode_array/_decode_object). The issue arises when the pure-Perl path is used (default if Cpanel::JSON::XS is not installed or MOJO_NO_JSON_XS=1); a ...

6.5CVSS6AI score0.0033EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/06 1:34 a.m.38 views

CVE-2026-14803 Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

0.0033EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 1:34 a.m.4 views

CVE-2026-14803 Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6.5CVSS6AI score0.0033EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-55851

Name of the Vulnerable Software and Affected Versions Mojo::JSON versions prior to 9.47 Description The pure-Perl decoder allows memory exhaustion due to unbounded recursion. Specifically, the decode path where decode value dispatches to decode array and decode object lacks a depth limit, enablin...

6.5CVSS6AI score0.0033EPSS
Exploits0References6
Fedora
Fedora
added 2026/06/28 1:10 a.m.7 views

[SECURITY] Fedora 43 Update: python-mistune-3.2.1-1.fc43

The fastest markdown parser in pure Python, inspired by marked...

6.1CVSS5.8AI score0.00228EPSS
Exploits1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

Pure Storage FlashArray Purity 安全漏洞

Pure Storage FlashArray Purity is a driver from the American company Pure Storage. It provides comprehensive data services. There is a security vulnerability in Pure Storage FlashArray Purity, which stems from improper permission allocation in the management interface. This vulnerability may allo...

8.6CVSS5.3AI score0.00279EPSS
Exploits0References2
RustSec
RustSec
added 2026/06/04 12:0 p.m.20 views

`pqcrypto-mlkem` is unmaintained: upstream PQClean project being archived

This crate provides Rust bindings to ML-KEM FIPS 203 via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As a result, this crat...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/06/04 12:0 p.m.18 views

`pqcrypto-mldsa` is unmaintained: upstream PQClean project being archived

This crate provides Rust bindings to ML-DSA FIPS 204 via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As a result, this crat...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/06/04 12:0 p.m.22 views

`pqcrypto-sphincsplus` is unmaintained: upstream PQClean project being archived

This crate provides Rust bindings to SPHINCS+/SLH-DSA FIPS 205 via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As a result,...

5.8AI score
Exploits0
OSV
OSV
added 2026/06/04 12:0 p.m.26 views

RUSTSEC-2026-0160 `pqcrypto-sphincsplus` is unmaintained: upstream PQClean project being archived

This crate provides Rust bindings to SPHINCS+/SLH-DSA FIPS 205 via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As a result,...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/04 12:0 p.m.18 views

RUSTSEC-2026-0166 `pqcrypto-mldsa` is unmaintained: upstream PQClean project being archived

This crate provides Rust bindings to ML-DSA FIPS 204 via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As a result, this crat...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/04 12:0 p.m.19 views

RUSTSEC-2026-0164 `pqcrypto` is unmaintained: upstream PQClean project being archived

The pqcrypto crate and the entire pqcrypto- ecosystem wrap C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches, algorithm updates, or bug fixes will be applied to the upstream implementations. ...

5.8AI score
Exploits0References3
Rows per page
Query Builder