Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-52186 — UTT nv518G SQL Injection

SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component

| Injection
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
6.5 MEDIUM
CVE-2026-51946 — GoAdminGroup GoAdmin SQL Injection

SQL Injection vulnerability in GoAdminGroup GoAdmin (last release v1.2.26) allows a remote attacker to execute arbitrary code and obtain sensitive information via the the __sort_type URL parameter on…

Remote | Injection
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
0.0 NA
CVE-2026-36909 — MPC-BE NULL Pointer Dereference Denial of Service

A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

| Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
0.0 NA
CVE-2026-36910 — MPC-BE Out-of-Bounds Read Denial of Service

An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

| Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
0.0 NA
CVE-2026-36911 — Aleksoid MPC-BE division-by-zero Denial of Service

A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a craf…

| Denial of Service
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
6.3 MEDIUM
CVE-2026-54903 — Oj: Integer Overflow in Oj.load 2GB String Handling

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. A…

Remote | Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
6.3 MEDIUM
CVE-2026-54902 — Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached ob…

Remote | Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
6.3 MEDIUM
CVE-2026-54901 — Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark array_class and hash_class references during gar…

Remote | Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
6.3 MEDIUM
CVE-2026-54900 — Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with create_id enabled, Oj::Parser#parse is vulnerable to heap corru…

Remote | Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
2.1 LOW
CVE-2026-54898 — Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parser#parse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates…

| Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
2.1 LOW
CVE-2026-54897 — Oj : Use-After-Free in Oj::Doc Iterators via Reentrant Close

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators (each_value, each_child, each_leaf) were vulnerable to a heap use-after-free. Whe…

| Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
2.1 LOW
CVE-2026-54896 — Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a heap buffer overflow when serializing E…

| Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-54592 — Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doc#each_child, when invoked recursively over a deeply nested JSON document, overfl…

Remote | Denial of Service
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
6.3 MEDIUM
CVE-2026-54502 — Oj: Stack Buffer Overflow in Oj.dump via Large Indent

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.dump is vulnerable to a stack-based buffer overflow when a large :indent value is pr…

Remote | Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
5.3 MEDIUM
CVE-2026-54500 — Oj: intern.c form_attr has an uninitialized stack read

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads uninitialized stack memory (and, for long keys, reads out…

Remote | Information Disclosure
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
6.3 MEDIUM
CVE-2026-54899 — Oj: Use-After-Free in Oj::Parser Symbol Key Cache Toggle

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, disabling symbol_keys on a reused Oj::Parser instance triggers a heap use-after-free. When …

Remote | Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
6.3 MEDIUM
CVE-2026-55223 — c3p0 exposes a deserialization "sink" via JDBC DataSource bean properties

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.get…

Remote | Injection
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
9.3 CRITICAL
CVE-2026-50110 — Use of Hard-coded Credentials in StoneFly Storage Concentrator

Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encodin…

storage_concentrator | Information Disclosure
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
10.0 CRITICAL
CVE-2026-56413 — OS Command Injection in StoneFly Storage Concentrator

Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform devic…

storage_concentrator | Remote | Injection
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
10.0 CRITICAL
CVE-2026-56415 — OS Command Injection in StoneFly Storage Concentrator

Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP …

storage_concentrator | Remote | Injection
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
Showing 20 of 7946 Results