CVE-2026-9516

A flaw was found in Cpanel::JSON::XS, a Perl module used for processing JSON data. This vulnerability allows a remote attacker to cause a denial of service DoS by providing specially crafted input that begins with a UTF-8 Byte Order Mark BOM. When a decode filter callback encounters an error with...

jq: jq: Denial of Service via crafted JSON object causing hash collisions

A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...

BIT-THRIFT-2026-41607 Apache Thrift: C++ JSON OOB read

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

GHSA-H6RJ-3M53-887H PocketMine-MP: LogDoS by large complex unknown property logging in clientData in LoginPacket

Impact Attackers can put large and/or complex structures as a value to an unknown property in the clientData JWT body in the Minecraft LoginPacket, causing the server to generate very long log messages. Additionally, the property name is logged without any length limitations or sanitization, whic...

Logging of Excessive Data

Overview pocketmine/pocketmine-mp is a highly customisable, open source server software for Minecraft: Bedrock Edition written in PHP Affected versions of this package are vulnerable to Logging of Excessive Data through the processing of unexpected properties in the clientData of the LoginPacket...

EGroupware has SQL Injection in Nextmatch Filter Processing

Summary Critical Authenticated SQL Injection in Nextmatch Widget Filter Processing A critical SQL Injection vulnerability exists in the core components of EGroupware, specifically in the Nextmatch filter processing. The flaw allows authenticated attackers to inject arbitrary SQL commands into the...

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2025-11230)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-11230 advisory. - Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial...

CVE-2025-66786

OpenAirInterface CN5G AMF=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack...

PT-2026-1863

Name of the Vulnerable Software and Affected Versions OpenAirInterface CN5G AMF versions through 2.0.1 Description A logical error exists in the processing of JSON format requests. Remote attackers can send malicious JSON data to the AMF's SBI interface, potentially causing a denial-of-service...

CVE-2025-66786

OpenAirInterface CN5G AMF

CVE-2025-66786

OpenAirInterface CN5G AMF=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack...

EUVD-2025-202636

NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.60027, Hub M3 4.3.60025, and Camera Hub G3 4.1.90027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs...

CVE-2025-12044

Vault and Vault Enterprise “Vault” are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for +HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing JSON payloads before applying rate limits. An attacker can cause service disruption by sending specially crafted JSON payloads that bypass rate limiting. Note: This is...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the processing of malicious JSON payloads in the request handling process. An attacker can exhaust system memory and CPU resources by sending specially crafted JSON objects that, when deserialized, consume...

OESA-2025-2365 perl-JSON-XS security update

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C. Security Fixes: JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when...

RLSA-2025:17162 Moderate: perl-JSON-XS security update

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C. Security Fixes: JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON CVE-2025-40928 For...

perl-JSON-XS security update

An update is available for perl-JSON-XS. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This module converts Perl data structures to JSON and vice versa. Its...

RLSA-2025:10585 Moderate: jq security update

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: jq has signed integer...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by a denial of service due to JSON-P Java API

Summary JSON-P java api is used by IBM Operations Analytics - Log Analysis as part of converting plain Java objects to and from JSON data in WebSphere Application Server Liberty. CVE-2025-36097. Vulnerability Details CVEID:CVE-2025-36097 DESCRIPTION: IBM WebSphere Application Server 9.0 and...