323 matches found

Vulnrichment
added 2025/05/22 11:12 p.m. · 7 views

CVE-2025-4692 ABUP IoT Cloud Platform Incorrect Privilege Assignment

Actors can use a maliciously crafted JavaScript Object Notation (JSON) Web Token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by t...

CVSS 6.8 · AI score 7 · EPSS 0.00168
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 5:49 a.m. · 3 views

CVE-2017-16881

b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java,...

CVSS 6.1 · AI score 6.2 · EPSS 0.0024
Exploits 1 · References 1
Positive Technologies
added 2025/05/22 12:00 a.m. · 3 views

PT-2025-22569 · Unknown · Abup Cloud Update Platform

Name of the Vulnerable Software and Affected Versions: ABUP Cloud Update Platform, affected versions not specified. Description: The issue allows actors to perform privilege escalation by submitting a maliciously crafted JavaScript Object Notation (JSON) Web Token (JWT) to a vulnerable method exposed o...

CVSS 6.8 · AI score 6.6 · EPSS 0.00168
Exploits 0 · References 3
OSV
added 2025/05/21 10:15 p.m. · 2 views

DEBIAN-CVE-2025-47947

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

CVSS 7.5 · AI score 7.7 · EPSS 0.00615
Exploits 1 · References 1
RedHat Linux
added 2025/04/28 12:20 a.m. · 1 view

jettison: parser crash by stackoverflow

A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input,...

CVSS 7.5 · AI score 7.2 · EPSS 0.0055
Exploits 0 · References 5
Snyk
added 2025/04/11 2:41 p.m. · 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the field label or handle during the import process from JSON. An attacker can execute arbitrary scripts in the context of the interface by inserting malicious content into these fields. Note: This is only...

CVSS 6.1 · AI score 5.6 · EPSS 0.00349
Exploits 0 · References 2
CNNVD
added 2025/03/28 12:00 a.m. · 3 views

MISP Security Vulnerability

MISP is an open source software solution from MISP Open Source. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.193...

CVSS 7.2 · AI score 6.7 · EPSS 0.00217
Exploits 0 · References 2
PyPA
added 2025/03/20 10:15 a.m. · 5 views

PYSEC-2025-83

A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint...

CVSS 7.5 · AI score 7.2 · EPSS 0.00926
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2025/03/07 12:00 a.m. · 2 views

Python JSON Logger Security Vulnerability

Python JSON Logger is a JSON formatting tool for Python logs by the individual developer Nicholas Hairs. A security vulnerability exists in Python JSON Logger versions prior to 3.3.0, which stems from a missing dependency that could lead to remote code execution...

CVSS 8.8 · AI score 8.3 · EPSS 0.21763
Exploits 1 · References 5
CNNVD
added 2025/02/11 12:00 a.m. · 3 views

Distribution Security Vulnerability

Distribution is Distribution's open source toolset for packaging, shipping, storing and delivering content. A security vulnerability exists in Distribution versions 3.0.0-beta.1 through 3.0.0-rc.2, which stems from a vulnerability that allows an attacker to inject an untrusted signing key into a...

CVSS 8.7 · AI score 6.4 · EPSS 0.00115
Exploits 0 · References 2
CNNVD
added 2025/01/27 12:00 a.m. · 3 views

frozen Code Issue Vulnerability

frozen is an open source JSON parser and generator for C/C++ from Cesanta Software. A code issue exists in frozen versions prior to 1.7, which is caused by a null pointer dereference. An attacker exploiting this vulnerability could trigger a crash of a component embedded in the library by providi...

CVSS 5.3 · AI score 6.9 · EPSS 0.00085
Exploits 0 · References 1
RedHat Linux
added 2025/01/13 11:48 a.m. · 3 views

firefox: Compartment mismatch when parsing JavaScript JSON module

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free...

CVSS 4 · AI score 7.3 · EPSS 0.00048
Exploits 0 · References 7
OSV
added 2024/10/12 11:09 a.m. · 2 views

OESA-2024-2228 json-lib security update

JSON-lib is a Java library for transforming beans, maps, collections, Java arrays and XML to JSON and back again to beans and DynaBeans. Security Fixes: util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. CVE-2024-47855...

CVSS 5.3 · AI score 7 · EPSS 0.04347
Exploits 0 · References 2
OSV
added 2024/10/04 6:15 a.m. · 0 views

UBUNTU-CVE-2024-47855

util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string...

CVSS 5.3 · AI score 5.8 · EPSS 0.04347
Exploits 0 · References 4
SUSE CVE
added 2024/09/28 3:37 a.m. · 2 views

SUSE CVE-2022-45688

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data...

CVSS 7.5 · AI score 6.8 · EPSS 0.01216
Exploits 5 · References 3
OSV
added 2024/07/02 4:15 p.m. · 2 views

DEBIAN-CVE-2024-4467

A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...

CVSS 7.8 · AI score 7.3 · EPSS 0.00052
Exploits 0 · References 1
RedHat Linux
added 2024/06/06 4:42 p.m. · 2 views

jettison: stack overflow in JSONObject() allows attackers to cause a Denial of Service (DoS) via crafted JSON data

A flaw was found in Jettison. Sending a specially crafted string can cause a stack-based buffer overflow. This issue may allow a remote attacker to cause a denial of service...

CVSS 7.5 · AI score 7.9 · EPSS 0.0025
Exploits 1 · References 4
CNNVD
added 2024/05/03 12:00 a.m. · 3 views

NETGEAR RAX30 Security Vulnerability

NETGEAR RAX30 is a dual-band wireless router from NETGEAR. A security vulnerability exists in NETGEAR RAX30 that originates from a buffer overflow vulnerability during JSON data processing...

CVSS 8 · AI score 7 · EPSS 0.00264
Exploits 0 · References 3
CNNVD
added 2024/04/26 12:00 a.m. · 2 views

cJSON Security Vulnerability

cJSON is a lightweight open source JSON parser. A security vulnerability exists in cJSON version v1.7.17, which stems from the inclusion of a segmentation violation, and can be triggered by the second parameter of the cJSON_SetValuestring function in cJSON.c. The vulnerability can be exploited by...

CVSS 7.6 · AI score 6.8 · EPSS 0.02498
Exploits 1 · References 4
RedHat Linux
added 2024/03/27 12:46 a.m. · 2 views

golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...

CVSS 7.5 · AI score 6.7 · EPSS 0.00533
Exploits 0 · References 7