Lucene search
K

370197 matches found

CVE
CVE
added 2026/07/01 12:0 a.m.11 views

CVE-2026-36909

Summary of CVE-2026-36909 (MPC-BE): A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId() function in Aleksoid1978 MPC-BE prior to commit 4341cb3 allows a crafted MP4 file to trigger a Denial of Service. Affected component: MPC-BE (Aleksoid1978). Root cause: NULL pointer dereference in Get...

6.2CVSS5.8AI score0.0012EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 12:0 a.m.9 views

CVE-2026-34008

Technical details about CVE-2026-34008 are not publicly available in the provided documents. No impacted products, root cause, or remediation are disclosed. Monitor for updates as new information is released.

Exploits0References2
CVE
CVE
added 2026/07/01 12:0 a.m.6 views

CVE-2026-0163

The connected document BDU:2026-08965 describes a vulnerability in the Android VPU OS driver, specifically in VPU_IOCX_OPEN_INSTANCE() and vpu_put_inst(). The issue arises from using memory after it has been freed when retrieving the driver instance from an array and resetting the reference count...

Exploits0References2
CVE
CVE
added 2026/07/01 12:0 a.m.10 views

CVE-2026-51946

CVE-2026-51946 describes a SQL injection vulnerability in the GoAdminGroup GoAdmin project (GoAdmin) affecting the last release, v1.2.26. The issue, exploitable via the __sort_type URL parameter on all /admin/info/{table} endpoints, could allow a remote attacker to execute arbitrary code and disc...

6.5CVSS6.2AI score0.00336EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 12:0 a.m.10 views

CVE-2026-38142

CVE-2026-38142 describes an unauthenticated command-injection in the /goform/fast_setting_internet_set endpoint of Tenda AC18 v15.03.05.05, exploitable by injecting crafted payload into the mac parameter. The NVD/CVE listings confirm the vulnerability, with a CVSS 3.1 base score of 6.5 (Network, ...

6.5CVSS6.1AI score0.00685EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 12:0 a.m.14 views

CVE-2026-52190

CVE-2026-52190 affects UTT nv518G nv518GV3, version 3.2.7-210919-161313. A buffer overflow in the gohead/sub_448384 component allows a remote attacker to cause a denial of service. Marketed metrics indicate a CVSSv3.1 base score of 7.5 (HIGH) with network attack vector, no privileges required, no...

7.5CVSS5.8AI score0.00452EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 12:0 a.m.19 views

CVE-2026-52186

CVE-2026-52186 describes a SQL injection in UTT nv518G nv518GV3v3.2.7-210919-161313, via the gohead/sub_463bbc component. The vulnerability is exploitable remotely over the network with no user interaction (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), and could lead to arbitrary code execution...

9.8CVSS6.2AI score0.00527EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 12:0 a.m.12 views

CVE-2026-36912

A NULL pointer dereference in MPC-BE’s AP4_AtomSampleTable::GetSample() (Aleksoid1978 MPC-BE) before commit 4341cb3 allows a crafted MP4 file to cause a Denial of Service. The available documents do not specify a patched version or concrete remediation; exploit details are not provided in the sou...

7.5CVSS5.8AI score0.00343EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 12:0 a.m.11 views

CVE-2026-36910

The vulnerability affects MPC-BE (Aleksoid1978) where an access violation occurs in BaseSplitterFile::Read prior to commit 4341cb3, enabling DoS via a crafted MP4 file. The issue is described consistently across multiple trusted sources (NVD, CVE records, EUVD, CVE list, PT Security, AttackersKB,...

5.5CVSS5.8AI score0.00113EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 11:42 p.m.24 views

CVE-2026-54903

Oj is a Ruby gem that contains a heap corruption vulnerability in Oj.load for JSON strings larger than 2 GB, caused by an integer overflow in buf_append_string (buf.h:61) that turns the length into a negative size_t, leading memcpy to copy out-of-bounds data and crash. Affected versions are those...

6.3CVSS5.8AI score0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:40 p.m.27 views

CVE-2026-54902

CVE-2026-54902 affects the Ruby gem Oj (Optimized JSON). In SAJ mode prior to 3.17.2, the parser’s key caching can be GC’d while the C parser still references it, causing a Use-After-Free and a segfault when a freed VALUE is accessed. The issue is fixed in version 3.17.2. Exploitation details are...

6.3CVSS5.7AI score0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:36 p.m.27 views

CVE-2026-54901

Oj (Optimized JSON) Ruby gem contains a Use-After-Free in Oj::Parser in normal mode prior to 3.17.2: during GC, array_class/hash_class refs may be reclaimed, leaving a dangling VALUE for the next parse and causing a segfault. Fixed in version 3.17.2. Affected: Oj::Parser parsing flow; trigger is ...

6.3CVSS5.7AI score0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:34 p.m.27 views

CVE-2026-54900

CVE-2026-54900 (Oj Gem) affects the Ruby gem Oj (Optimized JSON). In versions before 3.17.2, when running in usual mode with create_id enabled, Oj::Parser#parse is vulnerable to heap corruption via a negative-size memcpy. Specifically, if a JSON object key is exactly 65,535 bytes, an integer trun...

6.3CVSS5.7AI score0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:24 p.m.26 views

CVE-2026-54898

CVE-2026-54898 (Oj gem) affects the Ruby JSON parser Oj in versions before 3.17.2. The vulnerability occurs when a SAJ/SAJ2 callback mutates the input string during parsing, causing the C engine’s raw pointer into Ruby’s string buffer to become dangling and resulting in a heap use-after-free on t...

2.1CVSS5.9AI score0.00117EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:22 p.m.28 views

CVE-2026-54897

Oj (Optimized JSON) Ruby gem versions prior to 3.17.2 contain a heap use-after-free in Oj::Doc iterators (each_value, each_child, each_leaf). If a Ruby block yields during iteration and doc.close or d.close is called, the heap memory is freed while the C iterator is active, leading to a use-after...

2.1CVSS5.7AI score0.00117EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:20 p.m.28 views

CVE-2026-54896

Oj (Optimized JSON) Ruby gem prior to 3.17.2 is affected when operating in object mode; Oj.dump can trigger a heap buffer overflow while serializing Exception objects with a large indent value. The issue stems from allocating a buffer sized for object attributes but not accounting for accumulated...

2.1CVSS6AI score0.00119EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:16 p.m.33 views

CVE-2026-54592

The CVE-2026-54592 vulnerability affects Oj (Optimized JSON), a Ruby gem JSON parser/marshaller. In versions prior to 3.17.3, Oj::Doc#each_child can overflow a fixed-size stack buffer when recursively traversing deeply nested JSON, causing a DoS. The issue arises from a two-step chain in ext/oj/f...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:10 p.m.26 views

CVE-2026-54502

Oj (Optimized JSON) is a Ruby gem that provides a JSON parser and object marshaller. Vulnerability: in versions prior to 3.17.2, Oj.dump can trigger a stack-based buffer overflow when a very large indent value is used. The root cause is fill_indent in dump.h calling memset(indent_str, ' ', (size_...

6.3CVSS6.1AI score0.00257EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:8 p.m.26 views

CVE-2026-54500

Oj (Optimized JSON) is a Ruby gem for JSON parsing/ marshalling. Affects versions prior to 3.17.3 where Oj.load in mode :object reads uninitialized stack memory when a JSON object has a long key (254+ bytes). In ext/oj/intern.c, form_attr() passes an uninitialized stack buffer to rb_intern3(), ca...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:3 p.m.26 views

CVE-2026-54899

Oj (Optimized JSON) is a Ruby gem for JSON parsing/marshalling. Prior to 3.17.2, disabling symbol_keys on a reused Oj::Parser can cause a heap use-after-free when toggling symbol_keys from true to false: opt_symbol_keys_set frees the internal key cache but does not clear the pointer, so the next ...

6.3CVSS5.7AI score0.00428EPSS
Exploits0References1
Rows per page
Query Builder