88 matches found
level-json-cache (=0.0.0), midibin-api (=0.0.0) +6 more potentially affected by unknown CVE via level-json (>=0.0.2 <=2.0.0)
level-json NPM version =0.0.2, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.2.6 Source cves: unknown CVE Source advisory: OSV:MAL-2025-25199...
CBL Mariner 2.0 Security Update: jq (CVE-2025-48060)
"The version of jq installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-48060 advisory. - jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present i...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in json-20230227.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of json-20230227.jar Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to...
CVE-2024-49364
CVE-2024-49364 affects tiny-secp256k1 (NPM wrapper). Prior to 1.1.7, if global Buffer comes from the NPM buffer package, the Buffer.isBuffer check can be bypassed, enabling private key extraction by signing a malicious JSON-stringifiable object via key reuse across messages. The issue is fixed in...
CVE-2019-11319
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value...
Security update for iperf
This update for iperf fixes the following issues: Update to 3.18 bsc1234705, CVE-2024-53580: SECURITY NOTE: Thanks to Leonid Krolle Bi.Zone for discovering a JSON type security vulnerability that caused a segmentation fault in the server. CVE-2024-53580 This has now been fixed. PR1810 UDP packets...
CVE-2024-10707
gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue CVE-2024-4941. This vulnerability allows unauthenticated users to access arbitrary files on the server by uploading a speciall...
Out-of-bounds Read
JSON is vulnerable to an out-of-bounds read. The vulnerability is due to improper handling of specially crafted JSON documents, allowing an attacker to cause a crash or leak sensitive memory contents...
GHSA-9M3Q-RHMV-5Q44 vulnerabilities
Vulnerabilities for packages: ruby3.4-json, ruby3.2-json, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby3.1-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset, ruby3.3-json...
CVE-2025-27788 Ruby JSON Parser has Out-of-bounds Read
JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...
CVE-2025-0696
A NULL Pointer Dereference vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input...
SUSE CVE-2022-45688
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data...
PYSEC-2024-73
A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json and dsconfigchatbot.json. This issue arises due to improper validation of file paths, enabling...
WordPress Redux Framework plugin <= 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting vulnerability
Unauthenticated JSON File Upload to Stored Cross-Site Scripting vulnerability discovered by villu164 in WordPress Plugin Redux Framework versions <= 4.4.17...
mysql: Server: JSON unspecified vulnerability (CPU Apr 2023)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: JSON. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...
USN-6746-1: Google Guest Agent and Google OS Config Agent vulnerability
It was discovered that Google Guest Agent and Google OS Config Agent incorrectly handled certain JSON files. An attacker could possibly use this issue to cause a denial of service...
GHSA-H6J3-J35F-V2X7 PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)
Impact An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. netresearch/jsonmapper allows objects to be hydrated from scalar types in JSON. However, due to the lack of validation in the code for this feature, it may output improperly initialized objects if applied to...
Security Bulletin: Vulnerability in json affects IBM Process Mining CVE-2023-5072
Summary There is a vulnerability in json that could allow a remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION...
GHSA-92JH-GWCH-JQ38 PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)
Impact An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. This happened due to the particular handling of NULL types in the json mapper which accepts NULL type values in typed arrays which PocketMine-MP did not expect. Code processing arrays in the JSON data could the...