Lucene search
K

470 matches found

NVD
NVD
added 2025/01/17 7:15 a.m.10 views

CVE-2024-12637

The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.05 via the export functionality. The JSON files are stored in predictable locations with guessable file names when exporting user data. This could allow unauthenticated...

5.3CVSS0.00505EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/01/09 1:29 p.m.5 views

iperf: Denial of Service in iperf Due to Improper JSON Handling

A flaw was found in iperf. This vulnerability allows a Denial of Service DoS via the injection of malformed JSON data, which can result in a segmentation fault when a NULL pointer is passed to strdup...

7.5CVSS5.7AI score0.00908EPSS
Exploits1References6
Hacker One
Hacker One
added 2024/11/18 8:39 a.m.105 views

Khan Academy: XSS on using the legacy "Graphie To Png" API

The legacy "Graphie To Png" API was vulnerable to exploitation. An attacker could upload malicious graphies that included harmful SVG and JSON data. The SVG contained an onload attribute that executed arbitrary JavaScript. The JSON data modified the content of labels, causing the graphie renderer...

7.3AI score
Exploits0
NVD
NVD
added 2024/10/30 6:15 p.m.9 views

CVE-2024-48214

KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, either SSID or PASSWORD, in the JSON data...

8.4CVSS0.00965EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/30 12:0 a.m.15 views

CVE-2024-48214

KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, either SSID or PASSWORD, in the JSON data...

0.00965EPSS
Exploits0References1
CVE
CVE
added 2024/10/30 12:0 a.m.43 views

CVE-2024-48214

CVE-2024-48214 affects the Kerui HD 3MP 1080P Tuya Camera (version 1.0.4). The vulnerability is a command injection in the QR code–based local network connection module. An attacker can craft an unauthenticated QR code and abuse a JSON parameter (SSID or PASSWORD) to execute arbitrary code on the...

8.4CVSS8.2AI score0.00965EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/10/09 12:6 p.m.3 views

firefox: thunderbird: Cross-origin access to JSON contents through multipart responses

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This...

7.5CVSS7.5AI score0.00498EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2024/10/07 1:26 a.m.2 views

firefox: thunderbird: Cross-origin access to JSON contents through multipart responses

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This...

7.5CVSS7.5AI score0.00498EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/09/06 1:0 p.m.27 views

CVE-2024-45299 alf.io's preloaded data as json is not escaped correctly

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, the preloaded data as json is not escaped correctly, the administrator / event admin could break their own install by inserting non correctly escaped text. The...

6.5CVSS0.00716EPSS
Exploits1References2
OSV
OSV
added 2024/09/06 1:0 p.m.20 views

CVE-2024-45299 alf.io's preloaded data as json is not escaped correctly

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, the preloaded data as json is not escaped correctly, the administrator / event admin could break their own install by inserting non correctly escaped text. The...

6.5CVSS7.1AI score0.00716EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/09/06 12:0 a.m.5 views

alf.io 安全漏洞

Alf.io is a free and open source event attendance management system from Alf.io Open Source. A security vulnerability exists in versions prior to alf.io 2.0-M5 that stems from preloaded json data that is not properly escaped, which could result in an administrator or event administrator inserting...

6.5CVSS6.6AI score0.00716EPSS
Exploits1References3
NVD
NVD
added 2024/08/06 4:15 p.m.36 views

CVE-2024-39226

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers b...

9.8CVSS0.20561EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/08/06 12:0 a.m.29 views

CVE-2024-39226

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers b...

0.20561EPSS
Exploits1References1
CVE
CVE
added 2024/08/06 12:0 a.m.68 views

CVE-2024-39226

CVE-2024-39226 affects a broad set of GL.iNet routers (AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750, MT3000/MT2500/AXT1800/AX1800/A1300/X300B, XE300/E750/AP1300/S1300, XE3000/X3000) with firmware versions ranging from 4.3.11 to 4.4. The vulnerability allows manipulating router...

9.8CVSS9.7AI score0.20561EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/07/02 4:15 p.m.6 views

AZL-60091 CVE-2024-4467 affecting package qemu for versions less than 6.2.0-24

A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...

7.8CVSS7.1AI score0.00333EPSS
Exploits0References1
NVD
NVD
added 2024/05/20 1:15 p.m.28 views

CVE-2024-4287

In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of ...

8.1CVSS8AI score0.0061EPSS
Exploits1References2
OSV
OSV
added 2024/05/20 1:15 p.m.20 views

CVE-2024-4287

In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of ...

7.2CVSS6.7AI score
Exploits0References2
GithubExploit
GithubExploit
added 2024/04/13 1:52 p.m.534 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio

MinIO vulnerability exploit CVE-2023-28432 Description T...

7.5CVSS7.8AI score0.83957EPSS
Exploits13
CVE
CVE
added 2024/04/02 11:31 p.m.48 views

CVE-2024-3218

The CVE-2024-3218 entry affects Shibang Communications IP Network Intercom Broadcasting System v1.0, specifically the /php/busyscreenshotpush.php endpoint. The vulnerability arises from path traversal via manipulation of jsondata[callee]/jsondata[imagename] to escalate outside the intended direct...

5.5CVSS5.6AI score0.00651EPSS
Exploits0References4
NVD
NVD
added 2024/03/26 11:15 p.m.7 views

CVE-2024-26577

VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service application hang via a spoofed UDP packet containing at least 10 digits in JSON data...

7.5CVSS6.4AI score0.00644EPSS
Exploits0References1
Rows per page
Query Builder