370197 matches found
CVE-2026-36909
Summary of CVE-2026-36909 (MPC-BE): A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId() function in Aleksoid1978 MPC-BE prior to commit 4341cb3 allows a crafted MP4 file to trigger a Denial of Service. Affected component: MPC-BE (Aleksoid1978). Root cause: NULL pointer dereference in Get...
CVE-2026-34008
Technical details about CVE-2026-34008 are not publicly available in the provided documents. No impacted products, root cause, or remediation are disclosed. Monitor for updates as new information is released.
CVE-2026-0163
The connected document BDU:2026-08965 describes a vulnerability in the Android VPU OS driver, specifically in VPU_IOCX_OPEN_INSTANCE() and vpu_put_inst(). The issue arises from using memory after it has been freed when retrieving the driver instance from an array and resetting the reference count...
CVE-2026-51946
CVE-2026-51946 describes a SQL injection vulnerability in the GoAdminGroup GoAdmin project (GoAdmin) affecting the last release, v1.2.26. The issue, exploitable via the __sort_type URL parameter on all /admin/info/{table} endpoints, could allow a remote attacker to execute arbitrary code and disc...
CVE-2026-38142
CVE-2026-38142 describes an unauthenticated command-injection in the /goform/fast_setting_internet_set endpoint of Tenda AC18 v15.03.05.05, exploitable by injecting crafted payload into the mac parameter. The NVD/CVE listings confirm the vulnerability, with a CVSS 3.1 base score of 6.5 (Network, ...
CVE-2026-52190
CVE-2026-52190 affects UTT nv518G nv518GV3, version 3.2.7-210919-161313. A buffer overflow in the gohead/sub_448384 component allows a remote attacker to cause a denial of service. Marketed metrics indicate a CVSSv3.1 base score of 7.5 (HIGH) with network attack vector, no privileges required, no...
CVE-2026-52186
CVE-2026-52186 describes a SQL injection in UTT nv518G nv518GV3v3.2.7-210919-161313, via the gohead/sub_463bbc component. The vulnerability is exploitable remotely over the network with no user interaction (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), and could lead to arbitrary code execution...
CVE-2026-36912
A NULL pointer dereference in MPC-BE’s AP4_AtomSampleTable::GetSample() (Aleksoid1978 MPC-BE) before commit 4341cb3 allows a crafted MP4 file to cause a Denial of Service. The available documents do not specify a patched version or concrete remediation; exploit details are not provided in the sou...
CVE-2026-36910
The vulnerability affects MPC-BE (Aleksoid1978) where an access violation occurs in BaseSplitterFile::Read prior to commit 4341cb3, enabling DoS via a crafted MP4 file. The issue is described consistently across multiple trusted sources (NVD, CVE records, EUVD, CVE list, PT Security, AttackersKB,...
CVE-2026-54903
Oj is a Ruby gem that contains a heap corruption vulnerability in Oj.load for JSON strings larger than 2 GB, caused by an integer overflow in buf_append_string (buf.h:61) that turns the length into a negative size_t, leading memcpy to copy out-of-bounds data and crash. Affected versions are those...
CVE-2026-54902
CVE-2026-54902 affects the Ruby gem Oj (Optimized JSON). In SAJ mode prior to 3.17.2, the parser’s key caching can be GC’d while the C parser still references it, causing a Use-After-Free and a segfault when a freed VALUE is accessed. The issue is fixed in version 3.17.2. Exploitation details are...
CVE-2026-54901
Oj (Optimized JSON) Ruby gem contains a Use-After-Free in Oj::Parser in normal mode prior to 3.17.2: during GC, array_class/hash_class refs may be reclaimed, leaving a dangling VALUE for the next parse and causing a segfault. Fixed in version 3.17.2. Affected: Oj::Parser parsing flow; trigger is ...
CVE-2026-54900
CVE-2026-54900 (Oj Gem) affects the Ruby gem Oj (Optimized JSON). In versions before 3.17.2, when running in usual mode with create_id enabled, Oj::Parser#parse is vulnerable to heap corruption via a negative-size memcpy. Specifically, if a JSON object key is exactly 65,535 bytes, an integer trun...
CVE-2026-54898
CVE-2026-54898 (Oj gem) affects the Ruby JSON parser Oj in versions before 3.17.2. The vulnerability occurs when a SAJ/SAJ2 callback mutates the input string during parsing, causing the C engine’s raw pointer into Ruby’s string buffer to become dangling and resulting in a heap use-after-free on t...
CVE-2026-54897
Oj (Optimized JSON) Ruby gem versions prior to 3.17.2 contain a heap use-after-free in Oj::Doc iterators (each_value, each_child, each_leaf). If a Ruby block yields during iteration and doc.close or d.close is called, the heap memory is freed while the C iterator is active, leading to a use-after...
CVE-2026-54896
Oj (Optimized JSON) Ruby gem prior to 3.17.2 is affected when operating in object mode; Oj.dump can trigger a heap buffer overflow while serializing Exception objects with a large indent value. The issue stems from allocating a buffer sized for object attributes but not accounting for accumulated...
CVE-2026-54592
The CVE-2026-54592 vulnerability affects Oj (Optimized JSON), a Ruby gem JSON parser/marshaller. In versions prior to 3.17.3, Oj::Doc#each_child can overflow a fixed-size stack buffer when recursively traversing deeply nested JSON, causing a DoS. The issue arises from a two-step chain in ext/oj/f...
CVE-2026-54502
Oj (Optimized JSON) is a Ruby gem that provides a JSON parser and object marshaller. Vulnerability: in versions prior to 3.17.2, Oj.dump can trigger a stack-based buffer overflow when a very large indent value is used. The root cause is fill_indent in dump.h calling memset(indent_str, ' ', (size_...
CVE-2026-54500
Oj (Optimized JSON) is a Ruby gem for JSON parsing/ marshalling. Affects versions prior to 3.17.3 where Oj.load in mode :object reads uninitialized stack memory when a JSON object has a long key (254+ bytes). In ext/oj/intern.c, form_attr() passes an uninitialized stack buffer to rb_intern3(), ca...
CVE-2026-54899
Oj (Optimized JSON) is a Ruby gem for JSON parsing/marshalling. Prior to 3.17.2, disabling symbol_keys on a reused Oj::Parser can cause a heap use-after-free when toggling symbol_keys from true to false: opt_symbol_keys_set frees the internal key cache but does not clear the pointer, so the next ...