MongoDB -- Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication

NVD reports: The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and serv...

FreeBSD : MongoDB -- Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication (5b87eef6-52aa-11f0-b522-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5b87eef6-52aa-11f0-b522-b42e991fc52e advisory. NVD reports: The MongoDB Server is susceptible to a denial of service vulnerability due to improper...

PT-2025-26973

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 6.0.21 MongoDB Server versions 7.0.0 through 7.0.16 MongoDB Server versions 8.0.0 through 8.0.4 Description: The MongoDB Server is susceptible to a denial of service issue due to improper handling of specific...

EulerOS 2.0 SP12 : yajl (EulerOS-SA-2025-1608)

According to the versions of the yajl package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in...

DoS (Denial of Service) Third-Party Dependency in Crowd Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 6.1.0 and 6.2.0 of Crowd Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated...

CVE-2025-0695

An Allocation of Resources Without Limits or Throttling vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input...

CVE-2021-43853

Ajax.NET Professional AjaxPro is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation...

CVE-2020-7965

flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made...

CVE-2011-2532

The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service infinite loop via invalid JSON data, as demonstrated by truncated data...

Atlassian Jira Service Management Data Center and Server 5.12.4 < 5.12.22 / 5.13.x < 10.3.5 / 10.4.x < 10.5.1 DoS (JSDSERVER-16144)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a denial of service vulnerability as referenced in the JSDSERVER-16144 advisory. - A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading...

CVE-2025-0649

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash...

CVE-2025-0649 Stack Exhaustion In Tensorflow Serving

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash...

CVE-2025-0649

CVE-2025-0649 affects Google’s TensorFlow Serving up to version 2.18.0, where an incorrect JSON input stringification can lead to potentially unbounded recursion and a server crash. Root cause: improper handling of JSON inputs in the serving component. Impact: high availability risk (server crash...

CVE-2025-0649 Stack Exhaustion In Tensorflow Serving

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash...

PT-2025-19869 · Unknown · Tensorflow

Name of the Vulnerable Software and Affected Versions: Tensorflow serving versions up to 2.18.0 Description: The issue is related to incorrect JSON input stringification in Tensorflow serving, which allows for potentially unbounded recursion. This can lead to a server crash. Recommendations: For...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow through the apply function in org/jsonschema2pojo/rules/SchemaRule.java. An attacker can execute arbitrary code or cause denial of service by manipulating the JSON file input to trigger a stack-based buffer...

json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)

A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370...

RLSA-2024:9193 Moderate: python3.12-PyMySQL security update

This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and Jython. Security Fixes: python-pymysql: SQL injection if used with untrusted JSON input CVE-2024-36039 For more details about the...

Denial Of Service (DoS)

net.minidev, json-smart is vulnerable to Denial Of Service DoS. The vulnerability is due to loading a specially crafted JSON input with a large number of ‘’, which allows an attacker to trigger a Denial of Service DoS attack...

GHSA-PQ2G-WX69-C263 Netplex Json-smart Uncontrolled Recursion vulnerability

A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service DoS. This issue exists because of an incomplete fix for...