52230 matches found
CVE-2026-22243 EGroupware has SQL Injection in Nextmatch Filter Processing
EGroupware is a web-based groupware server written in PHP. A SQL injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the Nextmatch filter processing. The flaw allows authenticated attackers to inject arbitrary SQL...
Denial Of Service (DoS)
orjson is vulnerable to Denial of Service (DoS). The vulnerability is due to missing recursion depth limits in orjson.dumps, where deeply nested JSON inputs can cause excessive recursion, leading to stack exhaustion and process crashes...
Malicious Package
Overview: json-mapping-web is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-552 Malicious code in json-mapping-web (npm)
Source: amazon-inspector 51d9a56e7e0fdb852db49a56abffcdded34d184708b167002fe2e199438063aa The package json-mapping-web was found to contain malicious code. Source: ghsa-malware 37a8fbc4bd325b28e53dce222bdb8b8e10ff6f5559edb6e97605e1ee5cec17...
PT-2026-5137
EGroupware is a web-based groupware server written in PHP. A SQL injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the Nextmatch filter processing. The flaw allows authenticated attackers to inject arbitrary SQL...
Debian dla-4458 : python-django-doc - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4458 advisory. Debian LTS Advisory DLA-4458-1...
Serialization Injection Vulnerability
LangChain is vulnerable to a Serialization Injection Vulnerability. The vulnerability is due to improper handling of user-controlled objects containing lc keys in the toJSON serialization logic, which allows an attacker to inject crafted data that is mistakenly treated as a trusted LangChain obje...
CVE-2026-24810
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb src/cjson modules. This vulnerability is associated with program files cJSON.Cc. This issue affects rethinkdb: through v2.4.4...
CVE-2026-24813
CVE-2026-24813 describes a NULL pointer dereference in abcz316/SKRoot-linuxKernelRoot, tied to the cJSON.Cpp component within the testRoot/jni/utils modules. The issue affects SKRoot-linuxKernelRoot. Reported impact indicates high potential for availability loss, with no reported confidentiality ...
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Nimbus JOSE+JWT
Summary: Vulnerabilities have been identified in Nimbus JOSE+JWT, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details: CVEID: CVE-2025-53864. DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to...
Authorization Bypass Through User-Controlled Key
Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the FindContainer function. An attacker can gain unauthorized interactive shell access to containers outside their permitted label scope by directly targeting container IDs through th...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : cJSON vulnerabilities (USN-7973-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7973-1 advisory. It was discovered that cJSON incorrectly handled parsing large numbers. An attacker could possibly use this issue to caus...
MinIO RELEASE.2023-03-20T20-16-18Z Vulnerability Scanner
This PHP script is a command-line vulnerability scanner designed to detect CVE-2023-28432 in MinIO servers. The vulnerability allows unauthenticated access to sensitive environment variables through the /minio/bootstrap/v1/verify endpoint...
SKRoot security vulnerabilities
SKRoot is a Linux kernel root tool developed by abcz316. SKRoot has a security vulnerability that stems from a null pointer dereference in the JSON parsing component cJSON.Cpp, potentially leading to crashes...
AVideo 14.3.1 notify.ffmpeg.json.php Remote Code Execution
AVideo version 14.3.1 unauthenticated remote code execution exploit that leverages notify.ffmpeg.json.php. Title: AVideo 14.3.1 via notify.ffmpeg.json.p...
protobuf affected by a JSON recursion depth bypass
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
GHSA-7GCM-G887-7QV7 protobuf affected by a JSON recursion depth bypass
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-0994
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...