Lucene search
+L

367 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:35 a.m.11 views

CVE-2017-18349

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

10CVSS7.8AI score0.3897EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.7 views

CVE-2023-4883

Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF Virtual Network Function, and triggering the ogssbimessagefree function, which could cause a...

7.5CVSS6.8AI score0.00515EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/09 7:41 a.m.7 views

Unsafe Dependency Resolution

Overview com.alibaba:fastjson is a fast JSON parser/generator for Java. Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to the unsafe implementation of the checkAutoType function. An attacker can execute arbitrary code by supplying a crafted JSON document...

10CVSS9AI score0.0069EPSS
Exploits0References3
NVD
NVD
added 2025/12/19 5:15 p.m.5 views

CVE-2025-63665

An issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window...

9.8CVSS0.00428EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.6 views

PT-2025-52498

Name of the Vulnerable Software and Affected Versions GT Edge AI Platform versions prior to 2.0.10-dev Description An issue in GT Edge AI Platform allows attackers to execute arbitrary code by injecting a crafted JSON payload into the Prompt window. The vulnerability involves the potential for co...

9.8CVSS7.7AI score0.00428EPSS
Exploits0References9
CVE
CVE
added 2025/12/19 12:0 a.m.21 views

CVE-2025-63665

CVE-2025-63665 affects GT Edge AI in multiple builds. GT Edge AI Community Edition versions before v2.0.12 are vulnerable to arbitrary code execution via a crafted JSON payload injected into the Prompt window. GT Edge AI Platform before v2.0.10-dev is similarly vulnerable to the same flaw. The is...

9.8CVSS7.4AI score0.00428EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/12/19 12:0 a.m.29 views

CVE-2025-63665

An issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window...

0.00428EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/18 5:39 a.m.7 views

CVE-2024-29370

A flaw was found in python-jose. This vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio, leading to significant memory allocation and processing time during decompression...

7.5CVSS6AI score0.00169EPSS
Exploits1References4
OSV
OSV
added 2025/12/12 9:15 p.m.5 views

CVE-2025-67634

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

6.1CVSS5.6AI score0.00162EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/12 8:36 p.m.6 views

EUVD-2025-203114

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

4.6CVSS5.7AI score0.00162EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/11 10:1 p.m.10 views

CVE-2023-53740

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify...

9.8CVSS7.2AI score0.00845EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/10 9:31 p.m.9 views

EUVD-2023-60186

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify...

8.6CVSS6.7AI score0.00845EPSS
Exploits1References7
EUVD
EUVD
added 2025/12/10 8:31 a.m.7 views

EUVD-2025-202406

An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON paylo...

6.3CVSS6.6AI score0.00405EPSS
Exploits0References2
CVE
CVE
added 2025/12/10 8:31 a.m.14 views

CVE-2025-9315

The CVE-2025-9315 issue affects the MXsecurity Series and stems from Improperly Controlled Modification of Dynamically-Determined Object Attributes. An unauthenticated remote attacker can send a crafted JSON payload to the device registration endpoint /api/v1/devices/register to register unauthor...

6.3CVSS6.8AI score0.00405EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/02 6:30 p.m.12 views

CVE-2025-66458 Lookyloo has multiple XSS due to unsafe use of f-strings in Markup

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, there are multiple XSS due to unsafe use of f-strings in Markup. The issue requires a malicious 3rd party server responding with a JSON document...

5.3CVSS0.00161EPSS
Exploits0References2
NVD
NVD
added 2025/11/26 8:15 p.m.5 views

CVE-2025-12571

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a Denial of Service condition by sending specifically crafted requests containing malicious JSON...

7.5CVSS0.00453EPSS
Exploits0References3
OSV
OSV
added 2025/11/26 7:46 p.m.5 views

CVE-2025-12571 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a Denial of Service condition by sending specifically crafted requests containing malicious JSON...

7.5CVSS6.8AI score0.00453EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/11/22 12:0 a.m.9 views

Alibaba Cloud Linux 3 : 0186: haproxy (ALINUX3-SA-2025:0186)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0186 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-11230: Inefficient algorithm complexity in...

7.5CVSS5.5AI score0.00524EPSS
Exploits0References2
NVD
NVD
added 2025/11/19 10:15 a.m.7 views

CVE-2025-11230

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests...

7.5CVSS0.00524EPSS
Exploits0References1
OSV
OSV
added 2025/11/19 10:15 a.m.6 views

AZL-70583 CVE-2025-11230 affecting package haproxy for versions less than 2.9.11-4

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests...

7.5CVSS7.2AI score0.00524EPSS
Exploits0References1
Rows per page
Query Builder