19898 matches found
CVE-2026-33210 Ruby JSON has a format string injection vulnerability
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...
CVE-2026-33210
The connected advisory (GHSA-3M6G-2423-7CP3) describes a format string injection vulnerability in Ruby JSON that can cause denial of service or information disclosure when parsing documents with allow_duplicate_key: false. This option is not the default, so impact depends on opting in. The issue ...
CVE-2026-33210 Ruby JSON has a format string injection vulnerability
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...
CVE-2026-33210 Ruby JSON has a format string injection vulnerability
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...
CVE-2026-33210
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...
AVideo has an unauthenticated decrypt oracle leaking any ciphertext
Summary The API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly e.g., view/url2Embed.json.php, so any user can recover protected tokens/metadata. Severity: High. Details - Entry:...
GHSA-MWJC-5J4X-R686 AVideo has an unauthenticated decrypt oracle leaking any ciphertext
Summary The API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly e.g., view/url2Embed.json.php, so any user can recover protected tokens/metadata. Severity: High. Details - Entry:...
Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings
Summary Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an attacker can use a backslash to escape the trailing quote of a string...
GHSA-8CPQ-38P9-67GX Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings
Summary Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an attacker can use a backslash to escape the trailing quote of a string...
SQL Injection
Overview kysely is a Type safe SQL query builder Affected versions of this package are vulnerable to SQL Injection via the sanitizeStringLiteral function. An attacker can execute arbitrary SQL commands by supplying specially crafted input containing backslashes and quotes, which are not properly...
Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys.
Summary The sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash before a single quote to neutralize the escaping, breaking out of the JSON path...
GHSA-FR9J-6MVQ-FRCV Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys.
Summary The sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash before a single quote to neutralize the escaping, breaking out of the JSON path...
SQL Injection
Overview kysely is a Type safe SQL query builder Affected versions of this package are vulnerable to SQL Injection via the sanitizeStringLiteral function. An attacker can execute arbitrary SQL commands by supplying specially crafted input containing backslashes and single quotes, which are not...
CVE-2026-33147 GMT: Stack-based Buffer Overflow in gmt_remote_dataset_id
GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. In versions from 6.6.0 and prior, a stack-based buffer overflow vulnerability was identified in the gmtremotedatasetid function within src/gmtremote.c. This issue occurs when a specially...
SUSE CVE-2025-69720
The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyzestring in progs/infocmp.c...
CVE-2026-33129 h3 has an observable timing discrepancy in basic auth utils
H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...
CVE-2026-33129
H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...
CVE-2026-33129 h3 has an observable timing discrepancy in basic auth utils
H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...
PT-2026-26761
Name of the Vulnerable Software and Affected Versions Kysely versions 0.28.12 through 0.28.13 Description Kysely's sanitizeStringLiteral method inadequately handles backslashes when escaping single quotes, leading to potential SQL injection in MySQL databases with the default BACKSLASH ESCAPES SQ...
JSON implementation for Ruby 格式化字符串错误漏洞
JSON Implementation for Ruby is a open-source Ruby implementation of JSON. There were formatting string error vulnerabilities in versions prior to Ruby 2.15.2.1, Ruby 2.17.1.2, and Ruby 2.19.2. These vulnerabilities stem from format string injection when using the allowduplicatekey: false parsing...