Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threat Intelligence Database

Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.

Threat Intelligence

Click on any threat for detailed analysis and mitigation recommendations

CVE-2026-54500: CWE-125: Out-of-bounds Read in ohler55 ojCVE-2026-54500
0

Oj (Optimized JSON) is a Ruby gem for JSON parsing and object marshalling. Versions prior to 3.17.3 contain an out-of-bounds read vulnerability in the Oj.load function when parsing JSON objects with keys 254 bytes or longer. This flaw causes uninitialized stack memory to be read and potentially disclosed to the caller via interned symbols or error messages. The issue has been fixed in version 3.17.3.

Join the discussion
CVE-2026-54502: CWE-121: Stack-based Buffer Overflow in ohler55 ojCVE-2026-54502
0

Oj (Optimized JSON) is a Ruby gem for JSON parsing and marshalling. Versions prior to 3.17.2 contain a stack-based buffer overflow vulnerability in the Oj.dump function when a large :indent value is used. The vulnerability arises because the fill_indent function calls memset with the indent size unchecked, allowing an attacker to cause a stack overflow by specifying a very large indent value such as INT_MAX. This issue has been fixed in version 3.17.2.

Join the discussion
CVE-2026-54592: CWE-125: Out-of-bounds Read in ohler55 ojCVE-2026-54592
0

Oj (Optimized JSON) is a Ruby gem JSON parser vulnerable to an out-of-bounds read in versions prior to 3.17.3. The vulnerability occurs in the Oj::Doc#each_child method when recursively processing deeply nested JSON documents, causing a fixed-size stack buffer overflow and process abort (DoS). This is due to missing bounds checks and improper stack pointer restoration during recursion. The issue has been fixed in version 3.17.3.

Join the discussion
CVE-2026-54896: CWE-122: Heap-based Buffer Overflow in ohler55 ojCVE-2026-54896
0

Oj (Optimized JSON) is a Ruby gem for JSON parsing and object marshalling. Versions prior to 3.17.2 have a heap-based buffer overflow vulnerability in Oj.dump when serializing Exception objects with a large indent value in object mode. The overflow occurs because the serializer does not account for the added indent bytes, leading to heap memory corruption. This issue is fixed in version 3.17.2.

Join the discussion
CVE-2026-54897: CWE-416: Use After Free in ohler55 ojCVE-2026-54897
0

Oj (Optimized JSON) is a Ruby gem for JSON parsing and object marshalling. Versions prior to 3.17.2 have a heap use-after-free vulnerability in Oj::Doc iterators (each_value, each_child, each_leaf). This occurs when a Ruby block yields during iteration and calls doc.close or d.close, freeing the document's heap memory while the C iterator is still active. The iterator then accesses freed memory, causing a use-after-free condition. This vulnerability has been fixed in version 3.17.2.

Join the discussion
CVE-2026-54898: CWE-416: Use After Free in ohler55 ojCVE-2026-54898
0

Oj (Optimized JSON) is a Ruby gem for JSON parsing and object marshalling. Versions prior to 3.17.2 contain a use-after-free vulnerability in the Oj::Parser#parse method when a SAJ/SAJ2 callback mutates the input JSON string during parsing. This occurs because the C parser holds a raw pointer to the Ruby string's internal buffer, which can be reallocated and freed if the string is resized during a callback. The issue has been fixed in version 3.17.2.

Join the discussion
CVE-2026-54900: CWE-190: Integer Overflow or Wraparound in ohler55 ojCVE-2026-54900
0

Oj (Optimized JSON) is a Ruby gem for JSON parsing and object marshalling. Versions prior to 3.17.2 contain an integer overflow vulnerability in the usual mode with create_id enabled. Specifically, when a JSON object key is exactly 65,535 bytes long, an integer truncation causes a negative size to be passed to memcpy, resulting in heap corruption and process crash. This issue is fixed in version 3.17.2.

Join the discussion
CVE-2026-54903: CWE-190: Integer Overflow or Wraparound in ohler55 ojCVE-2026-54903
0

Oj (Optimized JSON) is a Ruby gem for JSON parsing and object marshalling. Versions prior to 3.17.2 contain an integer overflow vulnerability in the buf_append_string function, which can cause heap corruption when parsing JSON strings larger than 2 GB. This flaw leads to an out-of-bounds memory copy and process crash. The issue is fixed in version 3.17.2.

Join the discussion
CVE-2026-54902: CWE-416: Use After Free in ohler55 ojCVE-2026-54902
0

Oj (Optimized JSON) Ruby gem versions prior to 3.17.2 contain a Use-After-Free vulnerability in SAJ mode. The vulnerability arises because cached object keys of 35 bytes or more are not protected from garbage collection. A Ruby callback triggering garbage collection inside hash_end can cause the key string to be freed while still referenced by the C parser, leading to a segmentation fault. This issue is fixed in version 3.17.2.

Join the discussion
CVE-2026-54901: CWE-416: Use After Free in ohler55 ojCVE-2026-54901
0

Oj (Optimized JSON) is a Ruby gem for JSON parsing and object marshalling. Versions prior to 3.17.2 have a Use-After-Free vulnerability in Oj::Parser when running in usual mode. This occurs because array_class and hash_class references are not marked during garbage collection, potentially leading to a dangling pointer and a segmentation fault during parsing. The issue is fixed in version 3.17.2.

Join the discussion

Showing 1 to 10 of 10 results

Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses