CVE-2026-48506

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses MessagePackSecurity.MaximumObjectGraphDepth, the...

CVE-2026-48512 MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. These paths are in the JSON conversion component rather than normal typed MessagePack...

CVE-2026-41711

Applications using Spring Data Commons may be vulnerable to a Denial of Service DoS attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through...

CVE-2026-44375 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

CVE-2026-44375 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

GHSA-2CWQ-PWFR-WCW3 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a...

Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a...

Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1617)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1617 advisory. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, a...

tinyobjloader 安全漏洞

tinyobjloader is an application developed by Dan Kiyochi. There is a security vulnerability in tinyobjloader, which stems from the experimental/tinyobjloaderopt.h file containing a stack overflow issue, potentially leading to denial-of-service attacks...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

EUVD-2017-8748

Malware in sbrugna...

EUVD-2024-1914

Malicious code in bioql PyPI...

EUVD-2025-10263

Malicious code in bioql PyPI...

EUVD-2025-28482

Malicious code in bioql PyPI...

EUVD-2022-1319

Malicious code in bioql PyPI...

EUVD-2022-6839

Malicious code in bioql PyPI...

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.12 security update

A new security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This upda...

VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json

CVE-2024-21907 addresses a mishandling of exceptional conditions vulnerability in Newtonsoft.Json before version 13.0.1. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the...

Alibaba Cloud Linux 3 : 0144: pki-deps:10.6 (ALINUX3-SA-2025:0144)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0144 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-52999: jackson-core contains core low-leve...

RHEL 8 : pki-deps:10.6 (RHSA-2025:14117)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14117 advisory. The Public Key Infrastructure PKI Core contains fundamental packages required by Red Hat Certificate System. Security Fixes:...