CVE-2019-16891
Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload...
CVE-2019-16999
CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...
CVE-2019-16890
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...
CVE-2024-2260
A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token...
Nextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC
An authentication bypass vulnerability was discovered in the ID4me handling in the OIDC implementation. The vulnerability was caused by missing JWT signature verification for user authentication...
Improper Access Control via Weak JWT Token Leads to Admin Takeover and Privilege Escalation
Description: The application's session management is vulnerable to Authorization Bypass and Vertical Privilege Escalation. During dynamic analysis of the application's authentication flow, I discovered that the JSON Web Tokens (JWT) are signed with a weak secret key. This allowed me to perform an...
PT-2026-1886
Name of the Vulnerable Software and Affected Versions: Foomuuri versions prior to 0.27-2+deb13u1; Foomuuri versions prior to 0.31. Description: An Improper Neutralization of Argument Delimiters issue exists in Foomuuri, potentially leading to integrity loss of the firewall configuration or other...
PT-2026-1863
Name of the Vulnerable Software and Affected Versions: OpenAirInterface CN5G AMF versions through 2.0.1. Description: A logical error exists in the processing of JSON format requests. Remote attackers can send malicious JSON data to the AMF's SBI interface, potentially causing a denial-of-service...
OpenAirInterface CN5G AMF Security Vulnerability
OpenAirInterface CN5G AMF is an OpenAirInterface open source application. A security vulnerability exists in OpenAirInterface CN5G AMF v2.0.1 and earlier versions, which stems from a logic error when processing JSON-formatted requests and could lead to a denial-of-service attack...
CVE-2025-66786
OpenAirInterface CN5G AMF
CVE-2025-66786
OpenAirInterface CN5G AMF=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack...
Nokia SR Linux Security Vulnerability
Nokia SR Linux is a network operating system from the Finnish company Nokia. A security vulnerability exists in Nokia SR Linux that originates from improper authentication and could lead to unauthorized access to JSON-RPC services...
PT-2026-2136
Name of the Vulnerable Software and Affected Versions: Preact versions 10.26.5 through 10.26.9; Preact versions 10.27.0 through 10.27.2; Preact versions 10.28.0 through 10.28.1. Description: Preact, a lightweight web development framework, has an issue with JSON serialization protection. A regression...
@klardaten/n8n-nodes-datevconnect (>=1.0.1 <=1.0.2), @n8n/task-runner (>=1.37.0 <=1.57.1) +15 more potentially affected by CVE-2026-21877 via n8n-core (>=1.0.0 <=1.120.1)
n8n-core NPM version =1.0.0, =1.0.1, =1.37.0, =1.0.0, =0.1.0, =1.0.1, =0.3.3, =0.3.1, =1.1.0, =0.1.4, =0.4.10, =0.2.0, =0.2.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-21877 Source advisory: SNYK:JS-N8NCORE-14894271...
Atlassian Confluence < 8.5.17 / 8.6.x < 9.2.1 / 9.3.x < 9.4.0 / 9.5.x < 9.5.1 / 10.0.x < 10.0.2 / 10.1.0 XSS (CONFSERVER-101487)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101487 advisory. - JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand e.g. for config files. The parse metho...
EUVD-2025-206234
Vega XSS via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope...
Vega XSS via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope
Impact: Applications meeting these two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. 1. Use vega in an application that attaches both vega library and a vega.View instance similar to the Vega Editor to the global window, or has an...
DEBIAN-CVE-2025-65110
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...
UBUNTU-CVE-2025-65110
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...