323 matches found

Positive Technologies
added 2025/08/20 12:0 a.m. · 3 views

PT-2025-34126 · Strongdm · Strongdm Macos Client

Name of the Vulnerable Software and Affected Versions: StrongDM macOS client (affected versions not specified). Description: The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message...

7 CVSS · 6.1 AI score · 0.00041 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2025/08/19 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-17531

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific...

9.8 CVSS · 8 AI score · 0.01223 EPSS
Exploits 0 · References 2
OSV
added 2025/08/18 8:3 a.m. · 3 views

BIT-HELM-2025-55199 Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves...

6.5 CVSS · 7 AI score · 0.0002 EPSS
Exploits 0 · References 3
GithubExploit
added 2025/08/17 4:0 a.m. · 867 views

Exploit for CVE-2024-28397

CVE-2024-28397-command-execution-poc This vulnerability arises...

5.3 CVSS · 7.2 AI score · 0.59353 EPSS
Exploits 22
OSV
added 2025/08/14 6:52 p.m. · 2 views

MAL-2025-12103 Malicious code in @zalastax/nolb-json-l (npm)

The package @zalastax/nolb-json-l was found to contain malicious code...

7.2 AI score
Exploits 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 3 views

Malicious code in @zalastax/nolb-json-z (npm)

The package @zalastax/nolb-json-z was found to contain malicious code...

7 AI score
Exploits 0
OSV
added 2025/08/14 6:52 p.m. · 2 views

MAL-2025-12113 Malicious code in @zalastax/nolb-json-v (npm)

The package @zalastax/nolb-json-v was found to contain malicious code...

7.2 AI score
Exploits 0
Redos
added 2025/08/14 12:0 a.m. · 2 views

ROS-20250814-06

Vulnerability in the Iperf3 network throughput measurement tool is related to incorrect processing of test parameters passed to the server in JSON format. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of...

7.5 CVSS · 7 AI score · 0.00197 EPSS
Exploits 1
NVD
added 2025/08/13 2:15 p.m. · 2 views

CVE-2025-52386

CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file...

5.4 CVSS · 0.00046 EPSS
Exploits 0 · References 3
Cvelist
added 2025/08/13 12:0 a.m. · 6 views

CVE-2025-52386

CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file...

0.00046 EPSS
Exploits 0 · References 3
CVE
added 2025/08/13 12:0 a.m. · 10 views

CVE-2025-52386

CVE-2025-52386 affects CycloneDX Sunshine v0.9. The issue arises when processing JSON input without validating formulas, enabling a CSV Formula Injection via crafted JSON files. Potential impact includes injection into downstream CSV, depending on how the data are consumed. The connected document...

5.4 CVSS · 7.3 AI score · 0.00046 EPSS
Exploits 0 · References 3
Metasploit
added 2025/08/12 6:51 p.m. · 523 views

Wazuh server remote code execution caused by an unsafe deserialization vulnerability.

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are serialized as JSON and...

9.9 CVSS · 8.1 AI score · 0.93512 EPSS
Exploits 10
RedHat Linux
added 2025/08/12 1:14 a.m. · 3 views

mod_security: ModSecurity Denial of Service Vulnerability

A denial of service flaw was found in ModSecurity. This vulnerability is present in the sanitiseArg/sanitizeArg function, which can be overloaded with a large number of arguments, leading to excessive memory usage when processing JSON values. This may lead to a denial of service in the affected w...

7.5 CVSS · 5.7 AI score · 0.0107 EPSS
Exploits 1 · References 8
CVE
added 2025/08/11 10:21 p.m. · 14 views

CVE-2025-55156

PyLoad (the Python-based download manager) contains a SQL Injection in the add_links parameter of the /json/add_package API. The issue allows attackers to modify or delete data in the database, causing data errors or loss. A patch was released in version 0.5.0b3.dev91; upgrading to this version (...

8.8 CVSS · 7.7 AI score · 0.00058 EPSS
Exploits 0 · References 3
RedHat Linux
added 2025/08/05 5:10 a.m. · 3 views

mod_security: ModSecurity Denial of Service Vulnerability

A denial of service flaw was found in ModSecurity. This vulnerability is present in the sanitiseArg/sanitizeArg function, which can be overloaded with a large number of arguments, leading to excessive memory usage when processing JSON values. This may lead to a denial of service in the affected w...

7.5 CVSS · 5.7 AI score · 0.0107 EPSS
Exploits 1 · References 8
Broadcom
added 2025/07/15 12:0 a.m. · 13 views

JSON Web Token (JWT) Exposure in Log Files

Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure. Note: The vulnerability affects both Brocade ASCG...

9.1 CVSS · 6.7 AI score · 0.00308 EPSS
Exploits 0 · Affected Software 1
CNNVD
added 2025/07/01 12:0 a.m. · 1 views

tiny-secp256k1 security vulnerability

tiny-secp256k1 is a wrapper for bitcoinjs open source. A security vulnerability exists in tiny-secp256k1 versions prior to 1.1.7 that stems from a possible bypass of checks when validating malicious JSON stringable messages, which could lead to false validation results...

9.1 CVSS · 6.3 AI score · 0.0021 EPSS
Exploits 0 · References 3
RedHat Linux
added 2025/06/11 10:54 a.m. · 3 views

modsecurity: ModSecurity Has Possible DoS Vulnerability

A flaw was found in the modsecurity2 Apache2 module. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case. In stable released versions, when the payload's content type is application/json, at least one rule performs a sanitiseMatchedBytes action, a security...

7.5 CVSS · 5.7 AI score · 0.00615 EPSS
Exploits 1 · References 6
RedHat Linux
added 2025/06/09 1:43 a.m. · 2 views

modsecurity: ModSecurity Has Possible DoS Vulnerability

A flaw was found in the modsecurity2 Apache2 module. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case. In stable released versions, when the payload's content type is application/json, at least one rule performs a sanitiseMatchedBytes action, a security...

7.5 CVSS · 5.7 AI score · 0.00615 EPSS
Exploits 1 · References 6
NVD
added 2025/05/23 12:15 a.m. · 10 views

CVE-2025-4692

Actors can use a maliciously crafted JavaScript Object Notation (JSON) Web Token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by t...

6.8 CVSS · 0.00168 EPSS
Exploits 0 · References 1