9 matches found
CVE-2026-57278
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-58170
Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory without sanitization agent/src/live/mandate/commit.py. A proposal identifier containing path traversal sequences causes the application to load an...
WWBN AVideo 代码注入漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained a code injection vulnerability. This vulnerability stemmed from the WebSocket server in the YPTSocket plugin, which forwarded JSON messages provided by attackers...
CVE-2026-25632
EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer myloadfromjson that supports a type field...
CVE-2026-25632
EPyT-Flow (Python) prior to version 0.16.1 is affected by a deserialization vulnerability in its REST API. The issue stems from a custom deserializer (my_load_from_json) that honors a type field, allowing attacker-supplied module/class imports and instantiation during JSON parsing, which can trig...
EUVD-2022-7326
Malicious code in bioql PyPI...
EUVD-2022-7394
Malicious code in bioql PyPI...
USN-7657-1: jq vulnerabilities
It was discovered that jq incorrectly handled certain values when parsing JSON data. A remote attacker could possibly use this issue to cause jq to crash, resulting in a denial of service. CVE-2024-23337 It was discovered that jq incorrectly handled NaN values when parsing JSON data. A remote...
CVE-2022-41714 fastest-json-copy 1.0.1 - Prototype Pollution
fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...