290 matches found
EUVD-2021-8681
Malicious code in bioql PyPI...
EUVD-2023-41946
Malicious code in bioql PyPI...
EUVD-2024-18096
Malicious code in bioql PyPI...
Monero: Critical Deadlock Vulnerability in Monero RPC Leading to Complete Node Paralysis
A deadlock vulnerability was discovered in the Monero JSON-RPC interface that allowed a remote, unauthenticated attacker to completely paralyze any Monero node with a single HTTP request containing specific batch methods, leading to permanent denial of service. The vulnerability affected all...
Malicious code in shardeum-json-rpc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac467fd35bd9312b691bb92f0e8b7fa7658031ed548664e1676022ec8cae3713 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-51240
An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package...
CVE-2023-28096
OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3 branch and prior to versions 3.1.8 and 3.2.5. The memory leak was detected in the function parsemirequest while performing coverage-guided fuzzing. This issue can be reproduced by sending...
CVE-2023-36177
An issue was discovered in badaix Snapcast version 0.27.0 that allows remote attackers to execute arbitrary code and gain sensitive information via a crafted request to the JSON-RPC-API...
CVE-2021-21369
Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API service, then prio...
CVE-2021-28143
/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute under System Tools...
CVE-2018-25041
A vulnerability was found in uTorrent. It has been rated as critical. Affected by this issue is some unknown functionality of the component JSON RPC Server. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be...
CVE-2021-26605
An improper input validation vulnerability in the service of ezPDFReader allows an attacker to execute an arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication...
CVE-2024-20381
A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...
[SECURITY] [DSA 5847-1] snapcast security update
Debian Security Advisory DSA-5847-1, https://www.debian.org/security/, Moritz Muehlenhoff, January 21, 2025, https://www.debian.org/security/faq ...
Exploit for CVE-2024-49369
CVE-2024-49369 Overview This vulnerability leverages the I...
CVE-2024-49369 Icinga 2 has a TLS Certificate Validation Bypass for JSON-RPC and HTTP API Connections
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted clust...
CVE-2024-51240
CVE-2024-51240 affects the luci-mod-rpc component of OpenWRT Luci LTS, enabling privilege escalation from an admin user to root via the JSON-RPC-API exposed by luci-mod-rpc. OpenVAS details cite a CVSSv3 base score of 7.7 (AV:A/AC:L/Au:S/C:C/I:C/A:C). Remediation status in the connected OpenWRT N...