469 matches found
CVE-2024-26577
VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via a spoofed UDP packet containing at least 10 digits in JSON data...
CVE-2024-26577
VSeeFace prior to and including version 1.13.38.c2 is affected by a denial-of-service vulnerability: a spoofed UDP packet containing at least 10 digits in JSON data can cause the application to hang. The available connected documents confirm the product and vulnerable versions (1.13.38.c2 and ear...
Arbitrary Code Execution
qiskit_ibm_runtime is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient input validation during the deserialization of JSON data using qiskit_ibm_runtime.RuntimeDecoder. This lack of proper validation allows an attacker to craft malicious input strings that, when...
CVE-2024-29032 `qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing JSON data using qiskit_ibm_runtime.RuntimeDecoder can lead to arbitrary code...
BIT-REDASH-2020-12725
Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests, e.g., by adding...
PT-2025-31022 · Pypi · Serde-Json-Wasm
Name of the Vulnerable Software and Affected Versions: serde-json-wasm versions prior to 1.0.1 Description: The serde-json-wasm crate is susceptible to a stack consumption issue when processing deeply nested JSON data. Recommendations: Update to version 1.0.1 or later...
Hikvision Intercom Broadcasting System Operating System Command Injection Vulnerability
Hikvision Intercom Broadcasting System is an intercom broadcasting system from Hikvision (China). An operating system command injection vulnerability exists in Hikvision Intercom Broadcasting System version 3.0.320201113RELEASE HIK, which stems from the parameter jsondataip in the file /php/ping.ph...
VulnCheck KEV: CVE-2020-35131
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI...
AjaxPro Deserialization Remote Code Execution
This module leverages an insecure deserialization of data to get remote code execution on the target OS in the context of the user running the website which utilized AjaxPro. To achieve code execution, the module will construct some JSON data which will be sent to the target. This data will be...
Authentication flaw
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method...
Jettison Vulnerability in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
CVE-2023-39966
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContent that receives JSON data sent by users in the...
CVE-2023-39966 1Panel arbitrary file write vulnerability exists in the background
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContent that receives JSON data sent by users in the...
Important: jettison
Issue Overview: Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of servic...
Deserialization of Untrusted Data
Overview: Kredis provides higher-level data structures built on Redis. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. Carefully crafted JSON data processed may result in deserialization of untrusted data, potentially leading to deserialization of unexpected...
PT-2023-21197 · Kredis · Kredis
Name of the Vulnerable Software and Affected Versions: Kredis versions prior to 1.3.0.1 Description: There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code. This issue may result in the deserialization of unexpected objects in the system when carefully...
EulerOS 2.0 SP5 : jettison (EulerOS-SA-2023-2151)
According to the versions of the jettison package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. (CVE-2022-45685) - Jettison...
Cross site scripting
skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data...
CVE-2023-33394
skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data...