207 matches found
EUVD-2025-13642
Malicious code in bioql PyPI...
Fedora 42 : perl-Cpanel-JSON-XS (2025-f4f4dae8f2)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-f4f4dae8f2 advisory. This update fixes an issue where a specially-crafted JSON input could cause an integer overflow leading to a crash in the program parsing the JSON...
CVE-2025-59398
The OCPP implementation in libocpp before 0.26.2 allows a denial of service EVerest crash via JSON input larger than 255 characters, because a CiString object is created with StringTooLarge set to Throw...
Missing Report of Error Condition
Overview: Affected versions of this package are vulnerable to Missing Report of Error Condition via the ChargePoint::messagecallback function. An attacker can cause a crash by submitting JSON input exceeding 255 characters, which triggers an exception due to the StringTooLarge parameter being set ...
CVE-2025-59398
Summary: CVE-2025-59398 affects the libocpp OCPP implementation prior to 0.26.2. The vulnerability arises when processing JSON input larger than 255 characters, which leads to a crash due to a CiString object created with StringTooLarge set to Throw, resulting in a denial of service (EVerest cra...
PT-2025-37737
Name of the Vulnerable Software and Affected Versions: libocpp versions prior to 0.26.2. Description: The OCPP implementation in libocpp is susceptible to a denial of service EVerest crash when processing JSON input exceeding 255 characters. This occurs because a CiString object is created with...
libocpp security vulnerability
libocpp is an open-source Open Charge Point Protocol (OCPP) implementation from EVerest. A security vulnerability exists in libocpp versions prior to 0.26.2: creating a CiString object while processing JSON input of more than 255 characters causes a crash, potentially resulting in a denial of...
Fedora 43 : perl-Cpanel-JSON-XS (2025-ce67f2ffd1)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-ce67f2ffd1 advisory. This update fixes an issue where a specially-crafted JSON input could cause an integer overflow leading to a crash in the program parsing the JSON...
Linux Distros Unpatched Vulnerability : CVE-2025-6709
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the SIMD.xs process. An attacker can cause a segmentation fault and potentially disrupt service availability by submitting specially crafted JSON input. Remediation: Upgrade pjuhasz/JSON-SIMD to version 1.0...
MongoDB 6.0.x < 6.0.21 / 7.0.x < 7.0.17 / 8.0.x < 8.0.5 DoS OIDC Authentication (SERVER-106748)
The version of MongoDB installed on the remote host is 6.0 prior to 6.0.21, 7.0 prior to 7.0.17 and 8.0 prior to 8.0.5. It is, therefore, affected by a vulnerability as referenced in the SERVER-106748 advisory. - The MongoDB Server is susceptible to a denial of service vulnerability due to improp...
Security Bulletin: Jackson-Core Prior to 2.15.0 Due to Unbounded Nesting in JSON Input
Summary: jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is...
Atlassian Confluence 7.19.x < 8.5.22 / 8.6.x < 9.2.4 / 9.3.x < 9.4.1 (CONFSERVER-99835)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-99835 advisory. - A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ''...
CVE-2025-6709
The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. Thi...
CVE-2025-6709
CVE-2025-6709 describes a denial-of-service vulnerability in MongoDB Server caused by improper handling of specific date values in JSON input when using OIDC authentication. Affected are MongoDB Server versions prior to 7.0.17 (7.0.x), prior to 8.0.5 (8.0.x), and prior to 6.0.21 (6.0.x). In v7.0/...
CVE-2025-6709 Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication
The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. Thi...
Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication
The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. Thi...