Common Vulnerabilities and Exposures (CVE)

CVE-2026-54896

Jul 1, 2026 12:39:09 UTC

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent val...

CVE-2026-54902

Jul 1, 2026 12:37:40 UTC

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, Oj is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys (≥ 35 bytes) from garbage colle...

CVE-2026-54592

Jul 1, 2026 12:35:39 UTC

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doc#each_child, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts ...

CVE-2026-12577

Jul 1, 2026 12:35:02 UTC

DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability.

CVE-2026-54901

Jul 1, 2026 12:34:23 UTC

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark array_class and hash_class references during garbage collection, leading to Use-After-Fre...

CVE-2026-10540

Jul 1, 2026 12:34:11 UTC

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterp...

CVE-2026-7840

Jul 1, 2026 12:33:48 UTC

UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wi_senderr() and wi_replyhdr() in repeater/webgui/webutils.c write the caller-supplied HTTP request URI into a fix...

CVE-2026-7839

Jul 1, 2026 12:32:35 UTC

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2"...

CVE-2026-58518

Jul 1, 2026 12:31:23 UTC

Cross-site request forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from * before 1.3.3.

CVE-2026-58519

Jul 1, 2026 12:29:57 UTC

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: from * before 3.9...

CVE-2026-12579

Jul 1, 2026 12:29:19 UTC

AS228T with Authentication Bypass Vulnerability

CVE-2026-10539

Jul 1, 2026 12:29:09 UTC

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, poten...

CVE-2026-14193

Jul 1, 2026 12:28:00 UTC

DVP80ES300T with Improper Validation of Array Index Vulnerability

CVE-2026-50043

Jul 1, 2026 12:24:26 UTC

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in ...

CVE-2026-10538

Jul 1, 2026 12:24:04 UTC

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out-of-support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially...