
101 matches found

RedhatCVE
added 2025/05/22 6:22 p.m. · 21 views

CVE-2021-22976

On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU...

CVSS 7.5 · AI score 6.9 · EPSS 0.00961
Exploits 0 · References 1
OSV
added 2025/05/21 10:08 p.m. · 4 views

CVE-2025-47947 ModSecurity Has Possible DoS Vulnerability

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

CVSS 7.5 · AI score 7.7 · EPSS 0.00559
Exploits 1 · References 4
Positive Technologies
added 2025/05/21 12:00 a.m. · 4 views

PT-2025-22442 · Unknown +6 · Modsecurity +6

Name of the Vulnerable Software and Affected Versions: ModSecurity versions up to and including 2.9.8; modsecurity-apache version 2.9.3-3+deb11u3 and earlier for Debian 11 bullseye; modsecurity-apache version 2.9.7-1+deb12u1 and earlier for Debian bookworm. Description: A flaw was found in the mod...

CVSS 7.8 · AI score 7.6 · EPSS 0.0076
Exploits 2 · References 60
RedhatCVE
added 2025/02/05 10:45 p.m. · 8 views

CVE-2022-36006

Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. A remote code execution (RCE) vulnerability in the Arvados Workbench allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This...

CVSS 8.8 · AI score 8.1 · EPSS 0.01265
Exploits 0
RedhatCVE
added 2025/02/05 10:41 p.m. · 4 views

CVE-2022-36038

CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. A remote code execution (RCE) vulnerability in CircuitVerse allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue may lead to Remote Code Executi...

CVSS 8.8 · AI score 8.7 · EPSS 0.00872
Exploits 0
Veracode
added 2024/07/23 8:23 a.m. · 17 views

Denial Of Service (DoS)

github.com/argoproj/argo-cd is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient input validation and resource management for large JSON payloads at the /api/webhook endpoint, which results in excessive memory allocation and triggers an Out Of Memory (OOM) kill, causing...

CVSS 7.5 · AI score 7.5 · EPSS 0.01392
Exploits 1 · References 4 · Affected Software 1
NVD
added 2024/05/16 9:15 a.m. · 21 views

CVE-2024-3435

A path traversal vulnerability exists in the 'savesettings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'applysettings' function, allowing an...

CVSS 8.4 · AI score 8.7 · EPSS 0.00825
Exploits 1 · References 2
OSV
added 2024/05/16 9:15 a.m. · 13 views

CVE-2024-3435

A path traversal vulnerability exists in the 'savesettings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'applysettings' function, allowing an...

CVSS 8.4 · AI score 7.8
Exploits 0 · References 2
CVE
added 2024/05/16 9:03 a.m. · 63 views

CVE-2024-3435

CVE-2024-3435 affects parisneo/lollms-webui prior to version 9.5. The flaw is a path traversal vulnerability in the save_settings endpoint, caused by insufficient sanitization of the config parameter in the apply_settings function. Attackers can manipulate the application's configuration by sendi...

CVSS 8.4 · AI score 7.6 · EPSS 0.00825
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2024/05/16 9:03 a.m. · 15 views

CVE-2024-3435 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability exists in the 'savesettings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'applysettings' function, allowing an...

CVSS 8.4 · AI score 7.7 · EPSS 0.00825
Exploits 1 · References 2
Cvelist
added 2024/05/16 9:03 a.m. · 23 views

CVE-2024-3435 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability exists in the 'savesettings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'applysettings' function, allowing an...

CVSS 8.4 · AI score 8.9 · EPSS 0.00825
Exploits 1 · References 2
Tenable Nessus
added 2024/04/29 12:00 a.m. · 25 views

Fedora 37 : golang-github-docker / golang-github-graylog2-gelf (2023-6b9e2a6534)

The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-6b9e2a6534 advisory. golang-github-graylog2-gelf-2.0.0-5.20201111git1550ee6.fc37 was not in F37 because it was overridden with...

CVSS 9.8 · AI score 8.2 · EPSS 0.44708
Exploits 0 · References 2
OSV
added 2024/03/06 10:51 a.m. · 23 views

BIT-FLUENTD-2022-39379 Fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...

CVSS 9.8 · AI score 7.5 · EPSS 0.44708
Exploits 0 · References 4
Veracode
added 2024/02/06 5:52 a.m. · 6 views

Denial Of Service (DoS)

apimachinery is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper depth restrictions when parsing YAML or JSON. This issue can be exploited by an attacker via sending malicious YAML or JSON payloads to cause kube-apiserver to consume excessive CPU or memory, resulting in DoS...

AI score 7
Exploits 0
Veracode
added 2024/01/10 6:19 a.m. · 16 views

Denial Of Service (DoS)

jwx is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper parsing of JSON payloads when the signature field is present while protected is absent, leading to null pointer dereference...

CVSS 7.5 · AI score 6.8 · EPSS 0.00864
Exploits 1 · References 4 · Affected Software 1
Tenable Nessus
added 2023/03/20 12:00 a.m. · 25 views

CBL Mariner 2.0 Security Update: rubygem-fluentd (CVE-2022-39379)

The version of rubygem-fluentd installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-39379 advisory. - Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, Saa...

CVSS 9.8 · AI score 9.3 · EPSS 0.44708
Exploits 0 · References 2
F5 Networks
added 2023/02/21 6:55 p.m. · 26 views

K88230177: BIG-IP ASM WebSocket vulnerability CVE-2021-22976

Security Advisory Description: When the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. (CVE-2021-22976) Impact: When this vulnerability is exploited, the BIG-IP ASM system may take...

CVSS 7.5 · AI score 6.4 · EPSS 0.00961
Exploits 0 · Affected Software 2
OSV
added 2023/01/10 12:41 a.m. · 26 views

GHSA-7M9R-RQ9J-WMMH PocketMine-MP vulnerable to denial-of-service by sending large modal form responses

Impact: Due to a workaround for an old client bug which has since been fixed, very large JSON payloads in ModalFormResponsePacket were able to cause the server to spend a significant amount of time processing the packet. Large numbers of these packets were able to hog CPU time so as to prevent the...

CVSS 5.3 · AI score 6.9
Exploits 0 · References 2
NVD
added 2022/11/23 7:15 p.m. · 23 views

CVE-2022-41875

A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica. The vulnerability was patched in v...

CVSS 10 · EPSS 0.01601
Exploits 0 · References 3
Prion
added 2022/11/23 7:15 p.m. · 13 views

Remote code execution

A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica. The vulnerability was patched in v...

CVSS 7.5 · AI score 9.8 · EPSS 0.01601
Exploits 0 · References 3 · Affected Software 1