19859 matches found
CVE-2026-6216
DbGate (up to version 7.1.4) contains a cross-site scripting vulnerability in the SVG Icon String Handler, specifically in the file packages/web/src/icons/FontIcon.svelte. The vulnerability arises from manipulation of the argument applicationIcon within the FontIcon component, allowing an attacke...
CVE-2026-6216
A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launch...
CVE-2026-40042
Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...
CVE-2026-32316
jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...
CVE-2026-32316 jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow
jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...
CVE-2026-32316
jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...
EUVD-2026-22039
jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...
CVE-2026-32316 jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow
jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...
CVE-2026-32316
CVE-2026-32316 affects jq up to and including 1.8.1, where the functions jvp_string_append() and jvp_string_copy_replace_bad() lack string size bounds checks. Concatenating strings that exceed 2^31 bytes causes a 32-bit unsigned overflow in buffer allocation, producing a heap buffer overflow (CWE...
CVE-2026-40087
A flaw was found in LangChain. A missing validation of f-string prompt templates in some classes, specifically in DictPromptTemplate and ImagePromptTemplate, can cause the evaluation of attribute access or indexing expressions during template formatting. Also, f-string validation based on parsed...
nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions
A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by...
nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions
A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by...
PT-2026-32518
A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launch...
jq 输入验证错误漏洞
jq is a lightweight and flexible command-line JSON processor developed by jqlang. Versions of jq prior to 1.8.1 have a vulnerability related to input validation errors. This vulnerability stems from integer overflows in the jvpstringAppend and jvpstringCopyReplaceBad functions, which may lead to ...
EUVD-2026-22059
An issue in the pickle protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message...
CVE-2026-31048
An issue in the pickle protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message...
Linux Distros Unpatched Vulnerability : CVE-2026-32316
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad...
PT-2026-32504
CVE-2026-31048 An issue in the codepickle/code protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message. https://t.co/9RAOHY9pwL...
PT-2026-32491
Name of the Vulnerable Software and Affected Versions jq versions prior to 1.8.2 Description An integer overflow occurs within the jvp string append and jvp string copy replace bad functions when concatenating strings with a combined length exceeding 2^31 bytes. This leads to a 32-bit unsigned...
GHSA-R5V8-C28H-F8R8 MetaGPT affected by server-side request forgery in metagpt/utils/common.py
A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.2. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...