Lucene search
K

123 matches found

NVD
NVD
added 2026/06/25 8:17 p.m.6 views

CVE-2026-57522

Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens, which substitutes user-controlled values into event-integration templates without JSON encoding. When an organization has configured an event integration whose template referenc...

5CVSS0.00217EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/25 7:9 p.m.19 views

CVE-2026-57522 Bitwarden Server < 2026.5.0 JSON Injection via Webhook Templates

Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens, which substitutes user-controlled values into event-integration templates without JSON encoding. When an organization has configured an event integration whose template referenc...

3.5CVSS0.00217EPSS
Exploits1References5
CVE
CVE
added 2026/06/25 7:9 p.m.9 views

CVE-2026-57522

CVE-2026-57522 affects Bitwarden Server prior to 2026.5.0. The vulnerability is a JSON injection in IntegrationTemplateProcessor.ReplaceTokens(), which inserts user-controlled values into event-integration templates without JSON encoding. If an organization uses an event integration whose templat...

5CVSS6AI score0.00217EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 7:9 p.m.4 views

CVE-2026-57522

Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens, which substitutes user-controlled values into event-integration templates without JSON encoding. When an organization has configured an event integration whose template referenc...

3.5CVSS6AI score0.00217EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/25 7:9 p.m.3 views

EUVD-2026-39543

Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens, which substitutes user-controlled values into event-integration templates without JSON encoding. When an organization has configured an event integration whose template referenc...

3.5CVSS6AI score0.00217EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/12 9:28 a.m.10 views

CVE-2026-11945

A flaw was found in PostgreSQL Anonymizer. A local user with privileges to create JSON documents can embed malicious code within a specific key-value pair. If a superuser subsequently invokes the importdatabaserules or importrolesrules functions, this malicious code will be executed with superuse...

7.5CVSS5.5AI score0.00247EPSS
Exploits1References2
OSV
OSV
added 2026/05/28 7:16 p.m.2 views

PYSEC-2026-600

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

8.8CVSS5.9AI score0.00329EPSS
Exploits1References5
OSV
OSV
added 2026/05/28 7:16 p.m.6 views

UBUNTU-CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

8.8CVSS6AI score0.00329EPSS
Exploits1References5
OSV
OSV
added 2026/05/28 3:43 p.m.8 views

RLSA-2026:20596 Important: ruby:4.0 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary...

9.1CVSS6.7AI score0.01131EPSS
Exploits0References3
OSV
OSV
added 2026/05/26 12:0 a.m.12 views

ALSA-2026:20606 Important: ruby4.0 security update

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible. Security Fixes: ruby/json: Ruby JSON: Denial of Service or Informatio...

9.1CVSS6.7AI score0.01131EPSS
Exploits0References6
NVD
NVD
added 2026/04/23 8:16 p.m.5 views

CVE-2026-41267

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment JSON injection vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objec...

9.8CVSS0.00334EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/23 7:12 p.m.33 views

CVE-2026-41267 Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment JSON injection vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objec...

8.1CVSS0.00334EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/23 7:12 p.m.6 views

EUVD-2026-25284

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment JSON injection vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objec...

8.1CVSS7.2AI score0.00334EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 7:12 p.m.2 views

CVE-2026-41267

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment JSON injection vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objec...

8.1CVSS7.2AI score0.00334EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/23 7:12 p.m.14 views

CVE-2026-41267

CVE-2026-41267 affects Flowise Flowise Cloud account registration prior to 3.1.0. The vulnerability is an improper mass assignment (JSON injection) that lets unauthenticated attackers inject server-managed fields and nested objects during account creation. This enables client-controlled manipulat...

9.8CVSS7.2AI score0.00334EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.7 views

PT-2026-34732

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment JSON injection vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objec...

8.1CVSS7.2AI score0.00334EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.4 views

CVE-2026-27953

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

7.1CVSS5.8AI score0.01192EPSS
Exploits1References1
OSV
OSV
added 2026/03/20 11:16 p.m.3 views

DEBIAN-CVE-2026-33210

Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...

9.1CVSS6AI score0.00838EPSS
Exploits0References1
NVD
NVD
added 2026/03/19 9:17 p.m.8 views

CVE-2026-27953

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

9.8CVSS0.01192EPSS
Exploits1References9
OSV
OSV
added 2026/03/19 9:17 p.m.3 views

DEBIAN-CVE-2026-27953

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

9.8CVSS5.6AI score0.01192EPSS
Exploits1References1
Rows per page
Query Builder