Lucene search

469 matches found

Positive Technologies
added 2026/03/03 12:0 a.m., 6 views

PT-2026-22746

Name of the Vulnerable Software and Affected Versions Tuya App and SDK version 24.07.11 Description A denial of service condition exists in Tuya App and SDK. The issue affects an unknown functionality within the JSON Data Point Handler component. Manipulation of the cruise time argument can lead ...

3.1 CVSS, 5.5 AI score, 0.00288 EPSS
Exploits 0, References 9
Snyk
added 2026/02/26 6:18 a.m., 4 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Google Calendar integration configuration response in the app config endpoint. An attacker can retrieve the service account’s API key JSON including private key material by...

7.1 CVSS, 6 AI score, 0.00241 EPSS
Exploits 0, References 2
CNNVD
added 2026/02/20 12:0 a.m., 8 views

Google Cloud Vertex AI SDK Security Vulnerability

Google Cloud Vertex AI SDK is a Python library for AI capabilities provided by Google, Inc. Versions of Google Cloud Vertex AI SDK prior to 1.131.0 contained security vulnerabilities. These vulnerabilities were due to the genai/evalsvisualization component, which had a storage-oriented cross-site...

8.6 CVSS, 7.5 AI score, 0.00529 EPSS
Exploits 2, References 1
RedhatCVE
added 2026/02/08 1:21 a.m., 6 views

CVE-2026-25632

EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer myloadfromjson that supports a type field...

10 CVSS, 5.6 AI score, 0.00657 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/01/29 2:28 p.m., 4 views

CVE-2020-37008 EasyPMS 1.0.0 - Authentication Bypass

EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without...

8.7 CVSS, 5.9 AI score, 0.00456 EPSS
Exploits 0, References 3
RedhatCVE
added 2026/01/09 9:58 a.m., 8 views

CVE-2020-7980

Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed...

10 CVSS, 7.9 AI score, 0.82956 EPSS
Exploits 7, References 1
RedhatCVE
added 2026/01/09 9:56 a.m., 20 views

CVE-2020-12725

Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding...

7.2 CVSS, 6.7 AI score, 0.01318 EPSS
Exploits 1, References 1
OSV
added 2026/01/07 5:16 p.m., 6 views

CVE-2025-66786

OpenAirInterface CN5G AMF=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack...

7.5 CVSS, 5.6 AI score
Exploits 0, References 1
RedhatCVE
added 2026/01/07 9:31 a.m., 8 views

CVE-2019-16999

CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...

9.8 CVSS, 8.1 AI score, 0.01482 EPSS
Exploits 1, References 1
RedhatCVE
added 2026/01/07 9:29 a.m., 10 views

CVE-2019-16890

Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...

5.4 CVSS, 5.7 AI score, 0.00661 EPSS
Exploits 1, References 1
Cvelist
added 2026/01/07 12:0 a.m., 24 views

CVE-2025-66786

OpenAirInterface CN5G AMF=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack...

0.0032 EPSS
Exploits 0, References 1
CVE
added 2025/12/02 6:30 p.m., 13 views

CVE-2025-66458

CVE-2025-66458 – Lookyloo is affected in versions prior to 1.35.3. The issue stems from unsafe use of f-strings in Markup, enabling multiple XSS when a malicious third-party server responds with a JSON document containing JavaScript in a script element. The vulnerability is fixed in 1.35.3. Remed...

6.1 CVSS, 6 AI score, 0.00155 EPSS
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2025/12/01 10:22 a.m., 4 views

CVE-2025-59789 Apache bRPC: Stack Exhaustion via Unbounded Recursion in JSON Parser

Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...

6.8 AI score, 0.01479 EPSS
Exploits 2, References 1
Cvelist
added 2025/11/14 10:49 p.m., 8 views

CVE-2022-4985 Vodafone H500s WiFi Password Disclosure via activation.json

Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...

8.7 CVSS, 0.00402 EPSS
Exploits 0, References 4
RedhatCVE
added 2025/10/23 12:17 a.m., 9 views

CVE-2024-58274

Hikvision CSMP Comprehensive Security Management Platform iSecure Center through 2024-08-01 allows execution of a command within $ in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025...

8.3 CVSS, 7.2 AI score, 0.17508 EPSS
Exploits 0, References 1
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-8799

Malware in sbrugna...

6.5 CVSS, 6.6 AI score, 0.0104 EPSS
Exploits 1, References 2
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-10354

Malware in sbrugna...

9.3 CVSS, 8.2 AI score, 0.02832 EPSS
Exploits 1, References 2
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-0075

Malware in sbrugna...

7.5 CVSS, 7.6 AI score, 0.03855 EPSS
Exploits 1, References 13
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-5424

Malware in sbrugna...

7.5 CVSS, 7.4 AI score, 0.01894 EPSS
Exploits 0, References 12
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2007-2377

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.01557 EPSS
Exploits 0, References 3