
64 matches found

Snyk
added 2026/03/20 4:26 a.m. · 4 views

Malicious Package

Overview: json-parse-genie is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 2

OSV
added 2026/03/20 4:26 a.m. · 3 views

MAL-2026-1952 Malicious code in json-parse-genie (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57744a9f0e3acf081bd2a75ca3684d01e3907f1eab7636e0873ed0ef1bf509ee The package json-parse-genie was found to contain malicious code. Source: ghsa-malware b2293df6ecd418ffd21c1112affa6571afe9a78ff596ce2dd1fac64a470c98...

5.7 AI score
Exploits: 0 · References: 1

OSV
added 2026/03/02 12:9 p.m. · 5 views

CLSA-2026-1772453362 protobuf: Fix of CVE-2026-0994

CVE-2026-0994: recursion depth bypass in jsonformat.ParseDict...

8.2 CVSS · 7.1 AI score · 0.00351 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2026/02/08 12:0 a.m. · 4 views

PT-2026-7150

Name of the Vulnerable Software and Affected Versions: Axios versions prior to 1.13.5 Description: The mergeConfig function in the Axios library is susceptible to crashing when processing configuration objects that include proto as an own property. An attacker can exploit this by sending a speciall...

7.8 CVSS · 7 AI score · 0.01242 EPSS
Exploits: 1 · References: 33

Tenable Nessus
added 2026/01/16 12:0 a.m. · 8 views

MiracleLinux 4 : ruby-1.8.7.352-13.AXS4 (AXSA:2014-036:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-036:01 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system...

6.8 CVSS · 8.2 AI score · 0.34968 EPSS
Exploits: 3 · References: 2

RedhatCVE
added 2026/01/09 11:26 a.m. · 9 views

CVE-2021-33438

An issue was discovered in mjs mJS: Restricted JavaScript engine, ES6 JavaScript version 6. There is stack buffer overflow in jsonparsearray in mjs.c...

5.5 CVSS · 7.4 AI score · 0.00325 EPSS
Exploits: 1 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-46330

Malicious code in bioql PyPI...

9.8 CVSS · 9.1 AI score · 0.00898 EPSS
Exploits: 1 · References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-49551

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjsopjsonparse function in the msj.c file. CVE-2023-49551 Note that...

7.5 CVSS · 7.2 AI score · 0.00766 EPSS
Exploits: 1 · References: 2

Tenable Nessus
added 2025/09/01 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-0232

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray function in sqlite3.c. This flaw allows a local attacker to leverage a...

5.5 CVSS · 6.1 AI score · 0.00343 EPSS
Exploits: 1 · References: 2

RedhatCVE
added 2025/05/23 5:6 a.m. · 4 views

CVE-2023-49551

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjsopjsonparse function in the msj.c file...

7.5 CVSS · 6.8 AI score · 0.00766 EPSS
Exploits: 1

RedhatCVE
added 2025/05/22 9:46 p.m. · 6 views

CVE-2022-45492

Buffer overflow vulnerability in function jsonparsenumber in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 November 14, 2022 allows attackers to code arbitrary code and gain escalated privileges...

7.8 CVSS · 7.8 AI score · 0.00214 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/02/05 12:0 a.m. · 4 views

PT-2025-5752 · Unknown · Eazy-Logger

Name of the Vulnerable Software and Affected Versions: eazy-logger version 4.0.1 Description: A prototype pollution in the lib.Logger function allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. This can be achieved by introducing or modifying properties within the...

7.5 CVSS · 8.2 AI score · 0.0053 EPSS
Exploits: 0 · References: 8

Packet Storm
added 2024/08/31 12:0 a.m. · 145 views

IBM Lotus Notes Sametime Room Name Bruteforce

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'enumerable' class MetasploitModule 'IBM Lotus Notes Sametime Room Name Bruteforce', 'Description' = %q This module bruteforces Sametime meeting room names via t...

4.3 CVSS · 7.1 AI score · 0.09048 EPSS
Exploits: 2

Snyk
added 2024/01/16 3:43 p.m. · 2 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free via the jsonParseAddNodeArray function in sqlite3.c file. An attacker can potentially lead to a denial of service by passing specially crafted malicious input to the application. Remediation: Upgrade sqlite3 to version...

5.5 CVSS · 6 AI score · 0.00343 EPSS
Exploits: 1 · References: 2

OSV
added 2024/01/02 11:15 p.m. · 3 views

UBUNTU-CVE-2023-49551

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjsopjsonparse function in the msj.c file...

7.5 CVSS · 5.8 AI score · 0.00766 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2024/01/02 12:0 a.m. · 4 views

PT-2024-13744 · Cesanta · Mjs

Name of the Vulnerable Software and Affected Versions: Cesanta mjs version 2.20.0 Description: An issue in Cesanta mjs allows a remote attacker to cause a denial of service via the mjs op json parse function in the msj.c file. Recommendations: For Cesanta mjs version 2.20.0, consider disabling th...

7.5 CVSS · 7.3 AI score · 0.00766 EPSS
Exploits: 1 · References: 12

OSV
added 2023/08/22 7:16 p.m. · 1 views

UBUNTU-CVE-2021-32292

An issue was discovered in json-c from 20200420 post 0.14 unreleased code through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program jsonparse which is located in the function parseit...

9.8 CVSS · 7.3 AI score · 0.01071 EPSS
Exploits: 1 · References: 4

SUSE CVE
added 2023/02/15 5:36 a.m. · 4 views

SUSE CVE-2013-4164

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to...

6.8 CVSS · 8.2 AI score · 0.34968 EPSS
Exploits: 3 · References: 7

SUSE CVE
added 2023/02/15 5:18 a.m. · 2 views

SUSE CVE-2015-4478

Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method...

5 CVSS · 8.8 AI score · 0.03366 EPSS
Exploits: 0 · References: 10

OSV
added 2023/02/03 9:15 p.m. · 2 views

CVE-2022-45496

Buffer overflow vulnerability in function jsonparsestring in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 November 14, 2022 allows attackers to code arbitrary code and gain escalated privileges...

7.8 CVSS · 6 AI score
Exploits: 0 · References: 2