
361 matches found

Positive Technologies
added 2025/12/19 12:0 a.m. | 5 views

PT-2025-52498

Name of the Vulnerable Software and Affected Versions: GT Edge AI Platform versions prior to 2.0.10-dev. Description: An issue in GT Edge AI Platform allows attackers to execute arbitrary code by injecting a crafted JSON payload into the Prompt window. The vulnerability involves the potential for co...

CVSS 9.8 | AI score 7.7 | EPSS 0.00428
Exploits: 0 | References: 9
RedhatCVE
added 2025/12/18 5:39 a.m. | 6 views

CVE-2024-29370

A flaw was found in python-jose. This vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio, leading to significant memory allocation and processing time during decompression...

CVSS 7.5 | AI score 6 | EPSS 0.00166
Exploits: 1 | References: 4
OSV
added 2025/12/12 9:15 p.m. | 4 views

CVE-2025-67634

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

CVSS 6.1 | AI score 5.6 | EPSS 0.00159
Exploits: 0 | References: 3
EUVD
added 2025/12/12 8:36 p.m. | 5 views

EUVD-2025-203114

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

CVSS 4.6 | AI score 5.7 | EPSS 0.00159
Exploits: 0 | References: 4
RedhatCVE
added 2025/12/11 10:1 p.m. | 7 views

CVE-2023-53740

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify...

CVSS 9.8 | AI score 7.2 | EPSS 0.00805
Exploits: 1 | References: 1
EUVD
added 2025/12/10 9:31 p.m. | 5 views

EUVD-2023-60186

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify...

CVSS 8.6 | AI score 6.7 | EPSS 0.00805
Exploits: 1 | References: 7
EUVD
added 2025/12/10 8:31 a.m. | 5 views

EUVD-2025-202406

An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON paylo...

CVSS 6.3 | AI score 6.6 | EPSS 0.00353
Exploits: 0 | References: 2
CVE
added 2025/12/10 8:31 a.m. | 13 views

CVE-2025-9315

The CVE-2025-9315 issue affects the MXsecurity Series and stems from Improperly Controlled Modification of Dynamically-Determined Object Attributes. An unauthenticated remote attacker can send a crafted JSON payload to the device registration endpoint /api/v1/devices/register to register unauthor...

CVSS 6.3 | AI score 6.8 | EPSS 0.00353
Exploits: 0 | References: 1
Cvelist
added 2025/12/02 6:30 p.m. | 9 views

CVE-2025-66458 Lookyloo has multiple XSS due to unsafe use of f-strings in Markup

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, there are multiple XSS due to unsafe use of f-strings in Markup. The issue requires a malicious 3rd party server responding with a JSON document...

CVSS 5.3 | EPSS 0.00161
Exploits: 0 | References: 2
NVD
added 2025/11/26 8:15 p.m. | 4 views

CVE-2025-12571

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a Denial of Service condition by sending specifically crafted requests containing malicious JSON...

CVSS 7.5 | EPSS 0.00443
Exploits: 0 | References: 3
OSV
added 2025/11/26 7:46 p.m. | 5 views

CVE-2025-12571 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a Denial of Service condition by sending specifically crafted requests containing malicious JSON...

CVSS 7.5 | AI score 6.8 | EPSS 0.00443
Exploits: 0 | References: 6
Tenable Nessus
added 2025/11/22 12:0 a.m. | 7 views

Alibaba Cloud Linux 3 : 0186: haproxy (ALINUX3-SA-2025:0186)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0186 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-11230: Inefficient algorithm complexity in...

CVSS 7.5 | AI score 5.5 | EPSS 0.00469
Exploits: 0 | References: 2
NVD
added 2025/11/19 10:15 a.m. | 6 views

CVE-2025-11230

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests...

CVSS 7.5 | EPSS 0.00469
Exploits: 0 | References: 1
OSV
added 2025/11/19 10:15 a.m. | 3 views

CVE-2025-11230

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests...

CVSS 7.5 | AI score 6.5 | EPSS 0.00469
Exploits: 0 | References: 1
OSV
added 2025/11/19 10:15 a.m. | 6 views

AZL-70538 CVE-2025-11230 affecting package haproxy for versions less than 2.4.24-2

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests...

CVSS 7.5 | AI score 7.2 | EPSS 0.00469
Exploits: 0 | References: 1
OSV
added 2025/11/19 10:15 a.m. | 6 views

AZL-70583 CVE-2025-11230 affecting package haproxy for versions less than 2.9.11-4

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests...

CVSS 7.5 | AI score 7.2 | EPSS 0.00469
Exploits: 0 | References: 1
CVE
added 2025/11/19 9:28 a.m. | 53 views

CVE-2025-11230

CVE-2025-11230 affects HAProxy due to inefficient algorithm complexity in the mjson library, enabling remote denial-of-service via specially crafted JSON requests. Connected documents specify vulnerable haproxy versions: < 2.4.24-2 and

CVSS 7.5 | AI score 5.8 | EPSS 0.00469
Exploits: 0 | References: 1 | Affected Software: 4
OSV
added 2025/11/18 3:44 p.m. | 6 views

GO-2025-4123 Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token high compression ratio in github.com/dvsekhvalnov/jose2go

Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token high compression ratio in github.com/dvsekhvalnov/jose2go...

CVSS 7.5 | AI score 6.8 | EPSS 0.00236
Exploits: 1 | References: 3
AstraLinux
added 2025/11/01 10:54 a.m. | 2 views

Astra Linux – Vulnerability in HAProxy

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service through specially crafted JSON requests...

CVSS 7.5 | AI score 5.8 | EPSS 0.00469
Exploits: 0 | References: 3
NVD
added 2025/10/27 12:15 a.m. | 6 views

CVE-2025-11447

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...

CVSS 7.5 | EPSS 0.00773
Exploits: 0 | References: 3