CVE-2024-29032 `qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing JSON data using qiskit_ibm_runtime.RuntimeDecoder can lead to arbitrary code...
BIT-REDASH-2020-12725
Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests, e.g., by adding...
PT-2025-31022 · Pypi · Serde-Json-Wasm
Name of the Vulnerable Software and Affected Versions: serde-json-wasm versions prior to 1.0.1. Description: The serde-json-wasm crate is susceptible to a stack consumption issue when processing deeply nested JSON data. Recommendations: Update to version 1.0.1 or later...
Hikvision Intercom Broadcasting System Operating System Command Injection Vulnerability
Hikvision Intercom Broadcasting System is an intercom broadcasting system from Hikvision China. An operating system command injection vulnerability exists in Hikvision Intercom Broadcasting System version 3.0.320201113RELEASE HIK, which stems from the parameter jsondataip in the file /php/ping.ph...
VulnCheck KEV: CVE-2020-35131
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI...
AjaxPro Deserialization Remote Code Execution
This module leverages an insecure deserialization of data to get remote code execution on the target OS in the context of the user running the website that uses AjaxPro. To achieve code execution, the module will construct some JSON data which will be sent to the target. This data will be...
Authentication flaw
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method...
Jettison Vulnerability in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
CVE-2023-39966
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContent that receives JSON data sent by users in the...
CVE-2023-39966 1Panel arbitrary file write vulnerability exists in the background
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContent that receives JSON data sent by users in the...
Important: jettison
Issue Overview: Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with an out-of-memory error. This effect may support a denial of servic...
Deserialization of Untrusted Data
Overview: kredis provides higher-level data structures built on Redis. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. Carefully crafted JSON data, when processed, may result in deserialization of untrusted data, potentially leading to deserialization of unexpected...
EulerOS 2.0 SP5 : jettison (EulerOS-SA-2023-2151)
According to the versions of the jettison package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. (CVE-2022-45685) - Jettison...
PT-2023-21197 · Kredis · Kredis
Name of the Vulnerable Software and Affected Versions: Kredis versions prior to 1.3.0.1. Description: There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code. This issue may result in the deserialization of unexpected objects in the system when carefully...
Cross site scripting
skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data...
CVE-2023-33394
skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data...
CVE-2022-4815
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods...
Design/Logic Flaw
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods...
K000134496: Jettison vulnerability CVE-2022-45685
Security Advisory Description: A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. (CVE-2022-45685) Impact: System performance degradation can occur until the process is forced to restart. This vulnerability allows an attacker to cause a...