224 matches found
PT-2026-52645
Name of the Vulnerable Software and Affected Versions hauler versions prior to 2.0.1-1.1 Description The Package.Unmarshal function in pkg/types/alpine/apk.go decompresses signature and control gzip members of an APK file into in-memory buffers without bounding the total decompressed size. This...
Astra Linux - Vulnerability in golang-gogoprotobuf
A issue was discovered in GoGo Protobuf before version 1.3.2. The plugin/unmarshal/unmarshal.go file lacks certain index validations, also known as the “skippy peanut butter” issue...
Astra Linux – Vulnerability in golang-gopkg-yaml.v3
A issue with the Un Marshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input...
CVE-2026-10268
A flaw was found in janet-lang janet. A local attacker can trigger an integer overflow in the unmarshalonefiber function. This vulnerability could lead to a denial of service DoS, making the application unavailable to legitimate users...
CVE-2026-10268
A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshalonefiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made availabl...
CVE-2026-10268 janet-lang janet marsh.c unmarshal_one_fiber integer overflow
A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshalonefiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made availabl...
CVE-2026-10268
The CVE affects janet-lang Janet up to 1.41.0, specifically the unmarshal_one_fiber function in src/core/marsh.c. A manipulation can cause an integer overflow, with local-host exploitation possible. A public PoC exists, and the patch d9b1d711ea1fde52ac73a82088b512a3e17bad0d provides remediation. ...
EUVD-2026-33681
A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshalonefiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made availabl...
CVE-2026-10268 janet-lang janet marsh.c unmarshal_one_fiber integer overflow
A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshalonefiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made availabl...
PT-2026-45445
A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshal one fiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made...
Janet 输入验证错误漏洞
Janet is a functional and imperative programming language and bytecode interpreter developed by Janet Language. Versions of Janet prior to 1.41.0 had a vulnerability related to input validation errors. This vulnerability stemmed from incorrect operations in the function unmarshalonefiber found in...
Deserialization of Untrusted Data
Overview APScheduler is an In-process task scheduler with Cron-like capabilities Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the unmarshalobject function in the JSONSerializer and CBORSerializerserializers. An attacker can exploit this by submitting a...
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...
APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
apscheduler 安全漏洞
apscheduler is a Python task scheduling and queueing system developed by Alex Grönholm. There are security vulnerabilities in the apscheduler 3.10.x version and 4.0.0a5 version. These vulnerabilities stem from the unmarshalobject function in JSONSerializer and CBORSerializer, which allows arbitra...
CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
CVE-2026-31072
The vulnerability CVE-2026-31072 affects APScheduler’s JSONSerializer and CBORSerializer across all versions (including 3.10.x and 4.0.0a5). The root cause is insecure deserialization: the unmarshal_object function can instantiate arbitrary classes and inject state by dynamically importing module...