Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threat Intelligence
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-54500: CWE-125: Out-of-bounds Read in ohler55 ojCVE-2026-54500 0 Oj (Optimized JSON) is a Ruby gem for JSON parsing and object marshalling. Versions prior to 3.17.3 contain an out-of-bounds read vulnerability in the Oj.load function when parsing JSON objects with keys 254 bytes or longer. This flaw causes uninitialized stack memory to be read and potentially disclosed to the caller via interned symbols or error messages. The issue has been fixed in version 3.17.3. Join the discussion | GCVE Database | 06/30/2026, 23:08:28 UTC Added: 07/01/2026, 01:33:34 UTC |
CVE-2026-54502: CWE-121: Stack-based Buffer Overflow in ohler55 ojCVE-2026-54502 0 Oj (Optimized JSON) is a Ruby gem for JSON parsing and marshalling. Versions prior to 3.17.2 contain a stack-based buffer overflow vulnerability in the Oj.dump function when a large :indent value is used. The vulnerability arises because the fill_indent function calls memset with the indent size unchecked, allowing an attacker to cause a stack overflow by specifying a very large indent value such as INT_MAX. This issue has been fixed in version 3.17.2. Join the discussion | GCVE Database | 06/30/2026, 23:10:27 UTC Added: 07/01/2026, 01:33:34 UTC |
CVE-2026-54592: CWE-125: Out-of-bounds Read in ohler55 ojCVE-2026-54592 0 Oj (Optimized JSON) is a Ruby gem JSON parser vulnerable to an out-of-bounds read in versions prior to 3.17.3. The vulnerability occurs in the Oj::Doc#each_child method when recursively processing deeply nested JSON documents, causing a fixed-size stack buffer overflow and process abort (DoS). This is due to missing bounds checks and improper stack pointer restoration during recursion. The issue has been fixed in version 3.17.3. Join the discussion | GCVE Database | 06/30/2026, 23:16:24 UTC Added: 07/01/2026, 01:33:34 UTC |
CVE-2026-54896: CWE-122: Heap-based Buffer Overflow in ohler55 ojCVE-2026-54896 0 Oj (Optimized JSON) is a Ruby gem for JSON parsing and object marshalling. Versions prior to 3.17.2 have a heap-based buffer overflow vulnerability in Oj.dump when serializing Exception objects with a large indent value in object mode. The overflow occurs because the serializer does not account for the added indent bytes, leading to heap memory corruption. This issue is fixed in version 3.17.2. Join the discussion | GCVE Database | 06/30/2026, 23:20:27 UTC Added: 07/01/2026, 01:33:34 UTC |
CVE-2026-54897: CWE-416: Use After Free in ohler55 ojCVE-2026-54897 0 Oj (Optimized JSON) is a Ruby gem for JSON parsing and object marshalling. Versions prior to 3.17.2 have a heap use-after-free vulnerability in Oj::Doc iterators (each_value, each_child, each_leaf). This occurs when a Ruby block yields during iteration and calls doc.close or d.close, freeing the document's heap memory while the C iterator is still active. The iterator then accesses freed memory, causing a use-after-free condition. This vulnerability has been fixed in version 3.17.2. Join the discussion | GCVE Database | 06/30/2026, 23:22:43 UTC Added: 07/01/2026, 01:33:34 UTC |
CVE-2026-54898: CWE-416: Use After Free in ohler55 ojCVE-2026-54898 0 Oj (Optimized JSON) is a Ruby gem for JSON parsing and object marshalling. Versions prior to 3.17.2 contain a use-after-free vulnerability in the Oj::Parser#parse method when a SAJ/SAJ2 callback mutates the input JSON string during parsing. This occurs because the C parser holds a raw pointer to the Ruby string's internal buffer, which can be reallocated and freed if the string is resized during a callback. The issue has been fixed in version 3.17.2. Join the discussion | GCVE Database | 06/30/2026, 23:24:23 UTC Added: 07/01/2026, 01:33:34 UTC |
CVE-2026-54900: CWE-190: Integer Overflow or Wraparound in ohler55 ojCVE-2026-54900 0 Oj (Optimized JSON) is a Ruby gem for JSON parsing and object marshalling. Versions prior to 3.17.2 contain an integer overflow vulnerability in the usual mode with create_id enabled. Specifically, when a JSON object key is exactly 65,535 bytes long, an integer truncation causes a negative size to be passed to memcpy, resulting in heap corruption and process crash. This issue is fixed in version 3.17.2. Join the discussion | GCVE Database | 06/30/2026, 23:34:05 UTC Added: 07/01/2026, 01:33:34 UTC |
CVE-2026-54903: CWE-190: Integer Overflow or Wraparound in ohler55 ojCVE-2026-54903 0 Oj (Optimized JSON) is a Ruby gem for JSON parsing and object marshalling. Versions prior to 3.17.2 contain an integer overflow vulnerability in the buf_append_string function, which can cause heap corruption when parsing JSON strings larger than 2 GB. This flaw leads to an out-of-bounds memory copy and process crash. The issue is fixed in version 3.17.2. Join the discussion | CVE Database V5 | 06/30/2026, 23:42:06 UTC Added: 07/01/2026, 00:06:33 UTC |
CVE-2026-54902: CWE-416: Use After Free in ohler55 ojCVE-2026-54902 0 Oj (Optimized JSON) Ruby gem versions prior to 3.17.2 contain a Use-After-Free vulnerability in SAJ mode. The vulnerability arises because cached object keys of 35 bytes or more are not protected from garbage collection. A Ruby callback triggering garbage collection inside hash_end can cause the key string to be freed while still referenced by the C parser, leading to a segmentation fault. This issue is fixed in version 3.17.2. Join the discussion | CVE Database V5 | 06/30/2026, 23:40:32 UTC Added: 07/01/2026, 00:06:33 UTC |
CVE-2026-54901: CWE-416: Use After Free in ohler55 ojCVE-2026-54901 0 Oj (Optimized JSON) is a Ruby gem for JSON parsing and object marshalling. Versions prior to 3.17.2 have a Use-After-Free vulnerability in Oj::Parser when running in usual mode. This occurs because array_class and hash_class references are not marked during garbage collection, potentially leading to a dangling pointer and a segmentation fault during parsing. The issue is fixed in version 3.17.2. Join the discussion | CVE Database V5 | 06/30/2026, 23:36:38 UTC Added: 07/01/2026, 00:06:33 UTC |
Showing 1 to 10 of 10 results