CVE-2025-68659
Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have an application level denial of service vulnerability in the username change functionality at try.discourse.org. The vulnerability allows attackers to cause noticeable server delays and...
EUVD-2025-206425
Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have an application level denial of service vulnerability in the username change functionality at try.discourse.org. The vulnerability allows attackers to cause noticeable server delays and...
CVE-2021-47851 Mini Mouse 9.2.0 - Remote Code Execution
Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary commands through an unauthenticated HTTP endpoint. Attackers can leverage the /op=command endpoint to download and execute payloads by sending crafted JSON requests with malicious script...
CVE-2025-70974
Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an...
CVE-2025-63665
An issue in GT Edge AI Community Edition versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window...
PT-2025-52498
Name of the Vulnerable Software and Affected Versions: GT Edge AI Platform versions prior to 2.0.10-dev. Description: An issue in GT Edge AI Platform allows attackers to execute arbitrary code by injecting a crafted JSON payload into the Prompt window. The vulnerability involves the potential for co...
CVE-2025-9315
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON paylo...
EUVD-2025-202406
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON paylo...
Improper Validation of Specified Quantity in Input
Overview: nvidia-pytriton is a PyTriton - Flask/FastAPI-like interface to simplify Triton's deployment in Python environments. Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the EVBufferToJson function in the HTTP server component. An...
CVE-2025-12571
CVE-2025-12571 affects GitLab CE/EE, with unauthenticated users able to trigger a Denial of Service by sending specially crafted JSON payloads. Affected are versions 17.10 up to, but not including, 18.4.5; 18.5 up to, but not including, 18.5.3; and 18.6 up to, but not including, 18.6.1. GitLab re...
PT-2025-46699
Name of the Vulnerable Software and Affected Versions: Open Access Management OpenAM versions prior to 16.0.0. Description: Open Access Management OpenAM contains a flaw where, if the claims parameter supported parameter is enabled, the "oidc-claims-extension.groovy" script allows injection of...
Malicious code in vera-nasi77-ruro (npm)
Source: amazon-inspector 85b5580f68f39cf2e592c325f801e195bf827f2f575579ce0ee912a24242496c. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in agus-soto32-sluey (npm)
Source: amazon-inspector 6a3c12cf54f5abb1c037a923c7b0fa1bba55a49c477ad3602a7ec8c754ed9e6b. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dono-takokak50-miaww (npm)
Source: amazon-inspector 77961aaf1311fcdd9f713bf0ff7ce6f46722808319408b907eb1656bd772c5b4. The package dono-takokak50-miaww was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flood...
CVE-2025-12044
Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24, https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393...
EUVD-2025-34895
OpenBao has a potential denial of service vulnerability when processing malicious unauthenticated JSON requests...
CVE-2025-59043
OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize the factor between serialized memory usage and...
CVE-2025-59043 OpenBao vulnerable to denial of service via malicious JSON request processing
OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize the factor between serialized memory usage and...
EUVD-2019-0387
Malware in sbrugna...