The vulnerability of the plugin “Import from XML, YML, JSON. Uploading product catalogs for 1C-Bitrix” allows a perpetrator to execute arbitrary commands.

The vulnerability of the plugin “Import from XML, YML, JSON. Uploading product catalogs for 1C-Bitrix” is related to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

modsecurity: ModSecurity Has Possible DoS Vulnerability

A flaw was found in the modsecurity2 Apache2 module. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case. In stable released versions, when the payload's content type is application/json, at least one rule performs a sanitiseMatchedBytes action, a security...

modsecurity: ModSecurity Has Possible DoS Vulnerability

A flaw was found in the modsecurity2 Apache2 module. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case. In stable released versions, when the payload's content type is application/json, at least one rule performs a sanitiseMatchedBytes action, a security...

CVE-2025-4692

Actors can use a maliciously crafted JavaScript object notation JSON web token JWT to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by t...

CVE-2025-4692 ABUP IoT Cloud Platform Incorrect Privilege Assignment

Actors can use a maliciously crafted JavaScript object notation JSON web token JWT to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by t...

CVE-2017-16881

b3log Symphony aka Sym 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java,...

PT-2025-22569 · Unknown · Abup Cloud Update Platform

Name of the Vulnerable Software and Affected Versions: ABUP Cloud Update Platform affected versions not specified Description: The issue allows actors to perform privilege escalation by submitting a maliciously crafted JavaScript object notation JSON web token JWT to a vulnerable method exposed o...

DEBIAN-CVE-2025-47947

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

The vulnerability of the access point loading function in Cisco IOS XE wireless local control devices allows a attacker to execute arbitrary commands.

The vulnerability of the Cisco IOS XE wireless local area network controller’s Access Point AP loading function is related to the presence of a strictly encrypted JSON Web Token JWT. Exploiting this vulnerability allows an attacker to execute arbitrary commands by sending specially crafted HTTPS...

jettison: parser crash by stackoverflow

A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input,...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the field label or handle during the import process from JSON. An attacker can execute arbitrary scripts in the context of the interface by inserting malicious content into these fields. Note: This is only...

MISP 安全漏洞

MISP is an open source software solution from MISP Open Source. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.193...

PYSEC-2025-83

A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint...

Python JSON Logger 安全漏洞

Python JSON Logger is a JSON formatting tool for Python logs by the individual developer Nicholas Hairs. A security vulnerability exists in Python JSON Logger versions prior to 3.3.0, which stems from a missing dependency that could lead to remote code execution...

Distribution 安全漏洞

Distribution is Distribution's open source toolset for packaging, shipping, storing and delivering content. A security vulnerability exists in Distribution versions 3.0.0-beta.1 through 3.0.0-rc.2, which stems from a vulnerability that allows an attacker to inject an untrusted signing key into a...

frozen 代码问题漏洞

frozen is an open source JSON parser and generator for C/C++ from Cesanta Software. A code issue exists in frozen versions prior to 1.7, which is caused by a null pointer dereference. An attacker exploiting this vulnerability could trigger a crash of a component embedded in the library by providi...

firefox: Compartment mismatch when parsing JavaScript JSON module

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free...

OESA-2024-2228 json-lib security update

JSON-lib is a java library for transforming beans, maps, collections, java arrays and XML to JSON and back again to beans and DynaBeans. Security Fixes: util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.CVE-2024-47855...

UBUNTU-CVE-2024-47855

util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string...

SUSE CVE-2022-45688

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data...