UBUNTU-CVE-2026-41855

In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary class instantiation, which can lead to unauthorized actions via gadget class deserialization. Affect...

CVE-2025-64501 ProsemirrorToHtml: Cross-Site Scripting vulnerability through unescaped HTML attribute values

ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values...

CVE-2025-11230

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests...

Malicious code in node-json-converter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5ffbaad687f777a1680340dedffa3333cb8f4e0ada8e0a886e7f798a9a59ee2e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3271 Malicious code in node-json-converter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5ffbaad687f777a1680340dedffa3333cb8f4e0ada8e0a886e7f798a9a59ee2e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Exploit for Out-of-bounds Write in Hutool

json.org CVE-2022-45688 true positive The project illustrate...