Lucene search
K

549 matches found

Tenable Nessus
Tenable Nessus
added yesterday7 views

Linux Distros Unpatched Vulnerability : CVE-2026-49844

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issu...

7.5CVSS6.2AI score0.0078EPSS
Exploits0References3
Fedora
Fedora
added 5 days ago12 views

[SECURITY] Fedora 44 Update: rust-jiter-0.16.0-1.fc44

Fast Iterable JSON parser...

5.9AI score
Exploits0
Fedora
Fedora
added 5 days ago13 views

[SECURITY] Fedora 44 Update: python-jiter-0.16.0-1.fc44

Fast iterable JSON parser...

5.9AI score
Exploits0
OSV
OSV
added 2026/07/06 8:10 p.m.2 views

OPENSUSE-SU-2026:21210-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251453. -...

10CVSS7AI score0.91969EPSS
Exploits3References31
RedhatCVE
RedhatCVE
added 2026/07/03 8:28 a.m.9 views

CVE-2026-9563

A flaw was found in Eclipse Parsson. The JSON parser did not enforce a default maximum on the number of characters consumed while processing a single JSON document. A remote attacker could exploit this by providing a very large, specially crafted JSON document. This could force applications to...

7.5CVSS6AI score0.00366EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-319 Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API

Summary The safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT start with underscore, enabling a complete sandbox escape to achieve...

9.8CVSS6.6AI score0.0045EPSS
Exploits2References7
OSV
OSV
added 2026/06/27 12:1 a.m.3 views

RLSA-2023:6976 Moderate: libfastjson security update

The libfastjson library provides essential JavaScript Object Notation JSON handling functions. The library enables users to construct JSON objects in C, output them as JSON-formatted strings, and convert JSON-formatted strings back to the C representation of JSON objects. Security Fixes: json-c,...

7.8CVSS5.8AI score0.01888EPSS
Exploits1References2
NVD
NVD
added 2026/06/26 9:16 p.m.13 views

CVE-2026-54350

Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection and, where the builder has published a PUBLIC write...

10CVSS0.00538EPSS
Exploits2References1
EUVD
EUVD
added 2026/06/25 12:33 a.m.6 views

EUVD-2026-39145

Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.5AI score0.00689EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:14 p.m.5 views

CVE-2026-9785

Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/24 7:40 p.m.20 views

CVE-2026-46349 Mastodon: LD-Signature Bypass via JSON-LD Named-Graph Restructuring

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing attackers to...

5.3CVSS0.00162EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.23 views

PT-2026-51140

Name of the Vulnerable Software and Affected Versions WordPress Time Capsule Plugin version 1.21.16 Description An authentication bypass allows unauthenticated attackers to gain administrative access by sending a crafted POST request containing the IWP JSON PREFIX header. This flaw enables the...

8.7CVSS5.9AI score0.00398EPSS
Exploits0References8
NVD
NVD
added 2026/06/16 10:16 a.m.12 views

CVE-2026-10825

A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot...

7.1CVSS0.0024EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/05 4:10 a.m.13 views

[SECURITY] Fedora 43 Update: perl-Cpanel-JSON-XS-4.41-1.fc43

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

7.5CVSS5.8AI score0.00361EPSS
Exploits0
NVD
NVD
added 2026/06/05 12:17 a.m.16 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

7.5CVSS0.00433EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/04 11:59 p.m.8 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

5.3CVSS5.5AI score0.00433EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/03 3:17 p.m.117 views

ParamStriker

ParamStriker Offline JSON & Query Parameter Exploit Frame...

6AI score
Exploits0
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

OFCMS SQL注入漏洞

OFCMS is a content management system developed by the Oufu individual developers. Version OFCMS 1.1.3 has a SQL injection vulnerability, which stems from an SQL injection in the Query function of the SysUserController.java file within the JSON query interface...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.24 views

PT-2026-45221

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated remotely...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.10 views

FreeBSD : mail/mailpit -- memory-exhaustion DoS via unbounded JSON body (7ae38fde-5ab6-11f1-a242-10ffe07f9334)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7ae38fde-5ab6-11f1-a242-10ffe07f9334 advisory. Mailpit author reports: Sibling-endpoint memory-exhaustion DoS via unbounded JSON body on...

5.8AI score
Exploits0References3
Rows per page
Query Builder