11 matches found
Fedora 44 : python-ujson (2026-5725d633ec)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5725d633ec advisory. Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling. Tenable has...
CVE-2026-32874 UltraJSON has a Memory Leak parsing large integers allows DoS
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers. The leaked memory is a copy of the string form of the integer plus a...
CVE-2026-32874
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers. The leaked memory is a copy of the string form of the integer plus a...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001448)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001448 advisory. An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allo...
EUVD-2024-0286
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-6790
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP...
Thinkgem JeeSite Input Validation Error Vulnerability
Thinkgem JeeSite is an open source Java EE enterprise-class rapid development platform of China Zhuo Yuan Thinkgem company. The platform includes system permissions components, data permissions components, data dictionary components, core tools components, view manipulation components,...
Deserialization of untrusted data
SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...
CVE-2024-23636 SOFARPC Remote Command Execution (RCE) Vulnerability
SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...
PT-2024-19987 · Oracle · Jdk
Name of the Vulnerable Software and Affected Versions: SOFARPC versions prior to 5.12.0 Description: SOFARPC is a Java RPC framework that defaults to using the SOFA Hessian protocol to deserialize received data. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of...
PT-2021-8010 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12.0-rc5 Description: The issue is related to an array overrun in the rtw_get_tx_power_params function. This occurs when the value of group is 5 for channel 14, causing an out-of-bounds access in the bw40 base...