116 matches found
CVE-2025-66450 LibreChat JSON Injection in Chat POST Allows Remote Resource Inclusion and PXSS via Image Upload
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats wit...
EUVD-2014-8020
Malware in sbrugna...
EUVD-2018-15665
Malware in sbrugna...
EUVD-2018-19663
Malware in sbrugna...
EUVD-2018-19614
Malware in sbrugna...
EUVD-2018-19662
Malware in sbrugna...
EUVD-2018-19615
Malware in sbrugna...
EUVD-2018-10550
Malware in sbrugna...
EUVD-2018-19616
Malware in sbrugna...
EUVD-2024-19444
Malicious code in bioql PyPI...
EUVD-2024-31705
Malicious code in bioql PyPI...
Arbitrary Code Injection
Overview: flowise-components is a Flowiseai Components. Affected versions of this package are vulnerable to Arbitrary Code Injection via the convertToValidJSONString function. An attacker can execute arbitrary JavaScript code with full server privileges by supplying malicious input to the...
Bridging AI and Software Security: a Comparative Vulnerability Assessment of LLM Agent Deployment Paradigms
Large Language Model (LLM) agents face security vulnerabilities spanning AI-specific and traditional software domains, yet current research addresses these separately. This study bridges this gap through comparative evaluation of Function Calling architecture and Model Context Protocol (MCP) deployme...
CVE-2024-3102
A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...
USN-7250-1: Netdata vulnerabilities
It was discovered that Netdata incorrectly handled parsing JSON input, which could lead to a JSON injection. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-18836) It was discovered that Netdata incorrectly handled parsing HT...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.10 : Netdata vulnerabilities (USN-7250-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7250-1 advisory. It was discovered that Netdata incorrectly handled parsing JSON input, which could lead to a JSON injection. An attacker...
Ubuntu: Security Advisory (USN-7250-1)
The remote host is missing an update for the...
CVE-2024-21832
A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body...
CVE-2024-21832
CVE-2024-21832 concerns a potential JSON injection vector in PingFederate REST API data stores via POST requests carrying a JSON body. Metrics indicate a low base score (3.5), network access, high attack complexity, and scope changes with partial integrity impact. No explicit remediation or ex...
CVE-2024-21832 PingFederate REST API Data Store Injection
A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body...