Security Bulletin: Vulnerability in nimbus-jose-jwt affects IBM Netezza Appliance

Summary The nimbus-jose-jwt package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-53864 Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker ...

CVE-2025-9121

Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions before 10.2.0.4, including 9.3.0.x and 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods...

CVE-2025-9121 Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data

Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions before 10.2.0.4, including 9.3.0.x and 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods...

CVE-2025-14542

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

Security Bulletin: Rational Performance Tester contains a vulnerability which could result in a denial of service

Summary Due to the use of the json-path library, Rational Performance Tester contains a vulnerability which could results in a potential denial of service attack. Vulnerability Details CVEID:CVE-2023-51074 DESCRIPTION: json-path v2.8.0 was discovered to contain a stack overflow via the...

PT-2025-51323

Name of the Vulnerable Software and Affected Versions Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions 8.3.x and 9.3.0.x through 10.1.9.x Description The software deserializes untrusted JSON data without restricting the parser to approved classes and methods...

Hitachi Vantara Pentaho Data Integration & Analytics 安全漏洞

Hitachi Vantara Pentaho Data Integration & Analytics is a data integration and analytics system from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.4, which originates from deserializing untrusted JSON...

GHSA-75MJ-4G74-9RG2 Universal Tool Calling Protocol (UTCP) client library for Python vulnerable to Trust Boundary Violation through Manual JSON specification

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Hybrid Security Scanner !Telegramhttps://i...

CVE-2025-14542

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

CVE-2025-54981

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

CVE-2025-14542 Command execution in python-utcp allows attackers to achieve remote code execution when fetching a remote Manual from a malicious endpoint

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

Denial Of Service (DoS)

joserfc is vulnerable to Denial of Service DoS. The vulnerability is due to ExceededSizeError exception messages embedding non-decoded JWT token parts, which may cause Python logging systems to process extremely large attacker-supplied JWT payloads, potentially leading to excessive memory or...

Weak Encryption

org.apache.streampark, streampark is vulnerable to weak encryption. The vulnerability is due to the use of AES encryption in ECB mode along with a weak random number generator for protecting sensitive data, which allows an attacker to potentially expose or recover sensitive authentication...

Exploit for Deserialization of Untrusted Data in Facebook React

next88 - React Server Components RCE Scanner High-performance...

Universal Tool Calling Protocol 安全漏洞

Universal Tool Calling Protocol is an official python implementation library for UTCP in the Universal Tool Calling Protocol open source. A security vulnerability exists in Universal Tool Calling Protocol that originates when a client obtains the JSON specification of a tool from a remote Manual...

CVE-2025-67634

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

CVE-2025-67634 Software Acquisition Guide Supplier Response Web Tool XSS

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

EUVD-2025-203114

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

CVE-2025-14522

A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/uploadjson.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the...