Lucene search
+L

80 matches found

osv
osv
added 2026/07/06 2:16 a.m.4 views

UBUNTU-CVE-2026-14803

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6.5CVSS6AI score0.0033EPSS
Exploits0References6
euvd
euvd
added 2026/07/06 1:34 a.m.9 views

EUVD-2026-41798

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6.5CVSS6AI score0.0033EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.11 views

PT-2026-55851

Name of the Vulnerable Software and Affected Versions Mojo::JSON versions prior to 9.47 Description The pure-Perl decoder allows memory exhaustion due to unbounded recursion. Specifically, the decode path where decode value dispatches to decode array and decode object lacks a depth limit, enablin...

6.5CVSS6AI score0.0033EPSS
Exploits0References6
osv
osv
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-502 PyMySQL SQL Injection vulnerability

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...

9.8CVSS6.6AI score0.00691EPSS
Exploits1References9
github
github
added 2026/06/23 9:24 p.m.9 views

jackson-databind has @JsonView bypass for setterless creator properties

Summary In BeanDeserializer.deserializeUsingPropertyBased, the active-view @JsonView filter was applied only to creator properties; the regular property-buffering branch performed no prop.visibleInViewactiveView check. A change making SetterlessProperty.isMerging return true routed setterless...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References6Affected Software2
osv
osv
added 2026/06/23 9:17 p.m.5 views

DEBIAN-CVE-2026-54514

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References1
osv
osv
added 2026/06/23 8:51 p.m.3 views

CVE-2026-54514 jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...

5.3CVSS6AI score0.00219EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.14 views

PT-2026-51067

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.3 Description When Oj::Doceach child is invoked recursively over a deeply nested JSON document, it can cause a fixed-size stack buffer overflow, leading to a denial of service DoS that aborts the process. This occurs...

7.5CVSS6AI score0.00263EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/05 7:18 p.m.12 views

CVE-2026-45152

uniget is a universal installer and updater for container tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without...

7.8CVSS6.3AI score0.00715EPSS
Exploits0References1
susecve
susecve
added 2026/06/04 2:30 a.m.14 views

SUSE CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

8.1CVSS5.8AI score0.00253EPSS
Exploits0References3
nvd
nvd
added 2026/06/03 1:16 a.m.17 views

CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

7.3CVSS0.00253EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/03 12:15 a.m.40 views

CVE-2026-9334 Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

0.00253EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/03 12:15 a.m.10 views

CVE-2026-9334 Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

5.8AI score0.00253EPSS
Exploits0References2
euvd
euvd
added 2026/06/03 12:15 a.m.13 views

EUVD-2026-34060

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

7.3CVSS5.8AI score0.00253EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/05/18 7:59 p.m.14 views

CVE-2026-8656

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting XSS via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM,...

6.1CVSS5.8AI score0.00191EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/16 5:0 a.m.8 views

CVE-2026-8656

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting XSS via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM,...

6.1CVSS5.8AI score0.00191EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/16 5:0 a.m.52 views

CVE-2026-8656

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting XSS via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM,...

6.1CVSS0.00191EPSS
Exploits0References3
osv
osv
added 2026/05/16 5:0 a.m.4 views

CVE-2026-8656

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting XSS via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM,...

5.1CVSS5.9AI score0.00191EPSS
Exploits0References5
cve
cve
added 2026/05/16 5:0 a.m.17 views

CVE-2026-8656

CVE-2026-8656 affects jsondiffpatch versions before 0.7.6. The vulnerability is Cross-site Scripting (XSS) via the annotated formatter caused by improper sanitization of JSON values and property names. When an application renders annotated formatter output in the DOM from untrusted JSON/object da...

6.1CVSS5.8AI score0.00191EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/16 12:0 a.m.30 views

PT-2026-41421

Name of the Vulnerable Software and Affected Versions jsondiffpatch versions prior to 0.7.6 Description Improper sanitization of JSON values and property names in the annotated formatter allows for Cross-site Scripting XSS. This occurs when an application compares untrusted JSON or object data an...

6.1CVSS5.8AI score0.00191EPSS
Exploits0References7
Rows per page
Query Builder