GHSA-HJ76-42VX-JWP4 seroval Affected by Prototype Pollution via JSON Deserialization

Due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization. This affects only JSON deserialization functionality. As there is no known workaround, please upgrade to the latest version...

Directory Traversal

Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Directory Traversal via the PUT handler in the file upload API, which directly joins user-supplied input into a filesystem path without proper...

CVE-2021-22008

The vCenter Server contains an information disclosure vulnerability in VAPI vCenter API service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information...

SUSE CVE-2026-21869

llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the ndiscard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fill...

UBUNTU-CVE-2025-67858

A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to nft. This issue affects Foomuuri: from ? before 0.31...

CVE-2025-67858 A crafted "interface" input parameter can lead to integrity loss of the firewall configuration

A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to nft. This issue affects Foomuuri: from ? before 0.31...

CVE-2025-0980 JSON RPC authentication bypass in Nokia SR Linux

Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing valid authentication credentials...

Linux Distros Unpatched Vulnerability : CVE-2025-67858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impac...

BIT-HAPROXY-2025-11230 Denial of service vulnerability in HAProxy mjson library

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests...

CVE-2025-67731

Servify Express is a Node.js package to start an Express server and log the port it's running on. Prior to 1.2, the Express server used express.json without a size limit, which could allow attackers to send extremely large request bodies. This can cause excessive memory usage, degraded performanc...

CVE-2025-65296

NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.60027, Hub M3 4.3.60025, and Camera Hub G3 4.1.90027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs...

Aqara多款产品 安全漏洞

Aqara Camera Hub G3 and others are a smart surveillance camera from Aqara USA. A security vulnerability exists in various Aqara products that stems from the presence of a null pointer dereference in JSON processing, which could lead to a denial of service attack. The following products and versio...

CVE-2025-13528

The Feedback Modal for Website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handleexport' function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to export all feedback data in CSV or...

CVE-2025-12571 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a Denial of Service condition by sending specifically crafted requests containing malicious JSON...

EUVD-2025-199596

Grype is a vulnerability scanner for container images and filesystems. A credential disclosure vulnerability was found in Grype, affecting versions 0.68.0 through 0.104.0. If registry credentials are defined and the output of grype is written using the --file or --output json= option, the registr...

Revive Adserver Cross-Site Scripting Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

TencentOS Server 3: firefox (TSSA-2025:0461)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0461 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

haproxy: denial of service vulnerability in HAProxy mjson library

A flaw was found in haproxy. A stemming from an inefficient algorithmic complexity issue within its bundled mjson parsing library. This vulnerability is triggered when haproxy is configured to analyze JSON content, such as with the jsonquery or jwtpayloadquery function...

EUVD-2025-177079

Malicious code in prettier-json-publish-quito npm...

EUVD-2025-112383

Malicious code in iota-json-release-it-chai npm...