Lucene search
K

351 matches found

RedhatCVE
RedhatCVE
added 6 hours ago4 views

CVE-2026-9563

A flaw was found in Eclipse Parsson. The JSON parser did not enforce a default maximum on the number of characters consumed while processing a single JSON document. A remote attacker could exploit this by providing a very large, specially crafted JSON document. This could force applications to...

7.5CVSS6AI score0.00366EPSS
Exploits0References8
OSV
OSV
added 4 days ago8 views

PYSEC-2026-319 Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API

Summary The safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT start with underscore, enabling a complete sandbox escape to achieve...

9.8CVSS6.6AI score0.0045EPSS
Exploits2References7
NVD
NVD
added last week11 views

CVE-2026-54350

Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection and, where the builder has published a PUBLIC write...

10CVSS0.00538EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 12:33 a.m.6 views

EUVD-2026-39145

Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.5AI score0.00689EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 7:40 p.m.16 views

CVE-2026-46349 Mastodon: LD-Signature Bypass via JSON-LD Named-Graph Restructuring

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing attackers to...

5.3CVSS0.00162EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.12 views

PT-2026-51140

Name of the Vulnerable Software and Affected Versions WordPress Time Capsule Plugin version 1.21.16 Description An authentication bypass allows unauthenticated attackers to gain administrative access by sending a crafted POST request containing the IWP JSON PREFIX header. This flaw enables the...

8.7CVSS5.9AI score0.00398EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in libfastjson

JSON-C version 0.14 has an integer overflow issue, and there is a risk of out-of-bounds write operations through a large JSON file, as demonstrated by the printbufmemappend function...

7.8CVSS6.8AI score0.01888EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in libjettison-java

Those who use Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser runs on user-supplied input, an attacker may provide content that causes the parser to crash due to out-of-memory conditions. This vulnerability could potentially allow for...

7.5CVSS6.8AI score0.01256EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in libjettison-java

A stack overflow in Jettison prior to v1.5.2 allowed attackers to cause a Denial of Service DoS attack through crafted JSON data...

7.5CVSS7.5AI score0.01395EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in python-pymysql

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input, because keys are not escaped by escapedict...

6.3CVSS6.6AI score0.00691EPSS
Exploits1References2
NVD
NVD
added 2026/06/16 10:16 a.m.8 views

CVE-2026-10825

A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot...

7.1CVSS0.0024EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/05 4:10 a.m.12 views

[SECURITY] Fedora 43 Update: perl-Cpanel-JSON-XS-4.41-1.fc43

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

7.5CVSS5.8AI score0.00375EPSS
Exploits0
NVD
NVD
added 2026/06/05 12:17 a.m.13 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

7.5CVSS0.00433EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/04 11:59 p.m.7 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

5.3CVSS5.5AI score0.00433EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/03 3:17 p.m.84 views

ParamStriker

ParamStriker Offline JSON & Query Parameter Exploit Frame...

6AI score
Exploits0
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.8 views

OFCMS SQL注入漏洞

OFCMS is a content management system developed by the Oufu individual developers. Version OFCMS 1.1.3 has a SQL injection vulnerability, which stems from an SQL injection in the Query function of the SysUserController.java file within the JSON query interface...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.12 views

PT-2026-45221

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated remotely...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.9 views

FreeBSD : mail/mailpit -- memory-exhaustion DoS via unbounded JSON body (7ae38fde-5ab6-11f1-a242-10ffe07f9334)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7ae38fde-5ab6-11f1-a242-10ffe07f9334 advisory. Mailpit author reports: Sibling-endpoint memory-exhaustion DoS via unbounded JSON body on...

5.8AI score
Exploits0References3
EUVD
EUVD
added 2026/05/28 6:45 a.m.11 views

EUVD-2026-32732

The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbeefileandextjson function. This is due to a flawed strpos substring check that only verifies whether the filename contains the string '.json' rath...

8.8CVSS6.4AI score0.00659EPSS
Exploits0References9
NVD
NVD
added 2026/05/27 6:16 p.m.16 views

CVE-2026-45047

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an...

7.5CVSS0.00441EPSS
Exploits0References1
Rows per page
Query Builder