CVE-2026-27932 joserfc PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

CVE-2026-3224

Authentication bypass in the Microsoft Entra ID Azure AD authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token JWT...

CVE-2026-3224

Authentication bypass in the Microsoft Entra ID Azure AD authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token JWT...

CVE-2026-3224

Authentication bypass in the Microsoft Entra ID Azure AD authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token JWT...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution (CVE-2025-13465, CVE-2025-61140) and denial of service (CVE-2025-15284)

Summary Node.js modules lodash, qs and jsonpath are used by IBM App Connect Enterprise Certified Container. All IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution CVE-2025-13465, CVE-2025-61140 and denial of service CVE-2025-15284. This bulletin...

CVE-2026-3465 Tuya App/SDK JSON Data Point denial of service

A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this vulnerability is an unknown functionality of the component JSON Data Point Handler. This manipulation of the argument cruisetime causes denial of service. Remote exploitation of the attack is possible. The...

CVE-2026-3465

The CVE-2026-3465 entry concerns Tuya App and SDK 24.07.11 on Android. It cites a vulnerability in the JSON Data Point Handler where manipulating the cruise_time argument can cause a denial of service. The attack is described as remotely exploitable with high attack complexity, and exploitation i...

CVE-2026-3465 Tuya App/SDK JSON Data Point denial of service

A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this vulnerability is an unknown functionality of the component JSON Data Point Handler. This manipulation of the argument cruisetime causes denial of service. Remote exploitation of the attack is possible. The...

OPENSUSE-SU-2026:20318-1 Security update for gitea-tea

This update for gitea-tea fixes the following issues: Changes in gitea-tea: - update to 0.12.0: New Features - Add tea actions commands for managing workflow runs and workflows in 880, 796 - Add tea api subcommand for arbitrary API calls not covered by existing commands in 879 - Add repository...

SUSE-SU-2026:0777-1 Security update for cosign

This update for cosign fixes the following issues: Update to version 3.0.5 jscSLE-23879. Security issues fixed: - CVE-2025-11065: github.com/go-viper/mapstructure/v2: sensitive Information leak in logs bsc1250620. - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cau...

CVE-2026-27206

A flaw was found in zumba/json-serializer. A remote attacker can exploit a deserialization vulnerability by providing untrusted JSON input that leverages a special @type field to instantiate arbitrary classes. This can lead to PHP Object Injection, potentially allowing the attacker to achieve...

Malicious Package

Overview turbo-json-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in turbo-json-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a239b53ed6cbc1e72aac660afa08204b9de36dae39068c30cf175ddd390b4fd1 The package turbo-json-parser was found to contain malicious code. Source: ghsa-malware...

MAL-2026-1213 Malicious code in turbo-json-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a239b53ed6cbc1e72aac660afa08204b9de36dae39068c30cf175ddd390b4fd1 The package turbo-json-parser was found to contain malicious code. Source: ghsa-malware...

CVE-2026-1487

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insufficient validation on the user-supplied JSON data. This makes it possible for authenticated attackers...

EUVD-2026-9271

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insufficient validation on the user-supplied JSON data. This makes it possible for authenticated attackers...

CVE-2026-1487

CVE-2026-1487 relates to the LatePoint WordPress plugin (Calendar Booking Plugin for Appointments and Events), with vulnerability in all versions up to and including 5.2.7. The issue is an authenticated SQL injection via JSON Import, exploitable by attackers with Administrator-level access and ab...

CVE-2026-1487 LatePoint <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON Import

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insufficient validation on the user-supplied JSON data. This makes it possible for authenticated attackers...

CVE-2026-1487 LatePoint <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON Import

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insufficient validation on the user-supplied JSON data. This makes it possible for authenticated attackers...

CVE-2026-1487

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insufficient validation on the user-supplied JSON data. This makes it possible for authenticated attackers...