465 matches found
CVE-2026-25632
EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer myloadfromjson that supports a type field...
CVE-2020-37008 EasyPMS 1.0.0 - Authentication Bypass
EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without...
CVE-2020-7980
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed...
CVE-2020-12725
Havoc Research discovered an authenticated Server-Side Request Forgery SSRF via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding...
CVE-2025-66786
OpenAirInterface CN5G AMF=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack...
CVE-2019-16999
CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...
CVE-2019-16890
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...
CVE-2025-66786
OpenAirInterface CN5G AMF=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack...
CVE-2025-66458
CVE-2025-66458 – Lookyloo is affected in versions prior to 1.35.3. The issue stems from unsafe use of f-strings in Markup, enabling multiple XSS when a malicious third-party server responds with a JSON document containing JavaScript in a script element. The vulnerability is fixed in 1.35.3. Remed...
CVE-2025-59789 Apache bRPC: Stack Exhaustion via Unbounded Recursion in JSON Parser
Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...
CVE-2022-4985 Vodafone H500s WiFi Password Disclosure via activation.json
Vodafone H500s devices running firmware v3.5.10 hardware model Sercomm VFH500 expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...
CVE-2024-58274
Hikvision CSMP Comprehensive Security Management Platform iSecure Center through 2024-08-01 allows execution of a command within $ in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025...
EUVD-2018-8794
Malware in sbrugna...
EUVD-2007-2371
Malware in sbrugna...
EUVD-2018-8789
Malware in sbrugna...
EUVD-2018-8795
Malware in sbrugna...
EUVD-2016-3151
Malware in sbrugna...
EUVD-2018-1886
Malware in sbrugna...
EUVD-2018-6317
Malware in sbrugna...
EUVD-2019-3162
Malware in sbrugna...