465 matches found
CVE-2024-48214
KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, either SSID or PASSWORD, in the JSON data...
CVE-2024-48214
CVE-2024-48214 affects the Kerui HD 3MP 1080P Tuya Camera (version 1.0.4). The vulnerability is a command injection in the QR code–based local network connection module. An attacker can craft an unauthenticated QR code and abuse a JSON parameter (SSID or PASSWORD) to execute arbitrary code on the...
firefox: thunderbird: Cross-origin access to JSON contents through multipart responses
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This...
CVE-2024-45299 alf.io's preloaded data as json is not escaped correctly
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, the preloaded data as JSON is not escaped correctly; the administrator / event admin could break their own install by inserting incorrectly escaped text. The...
alf.io security vulnerability
Alf.io is a free and open source event attendance management system from Alf.io Open Source. A security vulnerability exists in versions prior to alf.io 2.0-M5 that stems from preloaded json data that is not properly escaped, which could result in an administrator or event administrator inserting...
CVE-2024-39226
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability that can be exploited to manipulate routers b...
CVE-2024-39226
CVE-2024-39226 affects a broad set of GL.iNet routers (AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750, MT3000/MT2500/AXT1800/AX1800/A1300/X300B, XE300/E750/AP1300/S1300, XE3000/X3000) with firmware versions ranging from 4.3.11 to 4.4. The vulnerability allows manipulating router...
AZL-60091 CVE-2024-4467 affecting package qemu for versions less than 6.2.0-24
A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...
CVE-2024-4287
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of ...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio
MinIO vulnerability exploit CVE-2023-28432 Description T...
CVE-2024-3218
The CVE-2024-3218 entry affects Shibang Communications IP Network Intercom Broadcasting System v1.0, specifically the /php/busyscreenshotpush.php endpoint. The vulnerability arises from path traversal via manipulation of jsondata[callee]/jsondata[imagename] to escalate outside the intended direct...
CVE-2024-26577
VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service application hang via a spoofed UDP packet containing at least 10 digits in JSON data...
CVE-2024-26577
VSeeFace prior to and including version 1.13.38.c2 is affected by a denial-of-service vulnerability: a spoofed UDP packet containing at least 10 digits in JSON data can cause the application to hang. The available connected documents confirm the product and vulnerable versions (1.13.38.c2 and ear...
Arbitrary Code Execution
qiskit-ibm-runtime is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient input validation during the deserialization of JSON data using qiskit_ibm_runtime.RuntimeDecoder. This lack of proper validation allows an attacker to craft malicious input strings that, when...