469 matches found
PT-2026-22746
Name of the Vulnerable Software and Affected Versions Tuya App and SDK version 24.07.11 Description A denial of service condition exists in Tuya App and SDK. The issue affects an unknown functionality within the JSON Data Point Handler component. Manipulation of the cruise time argument can lead ...
Insertion of Sensitive Information Into Sent Data
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Google Calendar integration configuration response in the app config endpoint. An attacker can retrieve the service account’s API key JSON including private key material by...
Google Cloud Vertex AI SDK 安全漏洞
Google Cloud Vertex AI SDK is a Python library for AI capabilities provided by Google, Inc. Versions of Google Cloud Vertex AI SDK prior to 1.131.0 contained security vulnerabilities. These vulnerabilities were due to the genai/evalsvisualization component, which had a storage-oriented cross-site...
CVE-2026-25632
EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer myloadfromjson that supports a type field...
CVE-2020-37008 EasyPMS 1.0.0 - Authentication Bypass
EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without...
CVE-2020-7980
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed...
CVE-2020-12725
Havoc Research discovered an authenticated Server-Side Request Forgery SSRF via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding...
CVE-2025-66786
OpenAirInterface CN5G AMF=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack...
CVE-2019-16999
CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...
CVE-2019-16890
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...
CVE-2025-66786
OpenAirInterface CN5G AMF=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack...
CVE-2025-66458
CVE-2025-66458 – Lookyloo is affected in versions prior to 1.35.3. The issue stems from unsafe use of f-strings in Markup, enabling multiple XSS when a malicious third-party server responds with a JSON document containing JavaScript in a script element. The vulnerability is fixed in 1.35.3. Remed...
CVE-2025-59789 Apache bRPC: Stack Exhaustion via Unbounded Recursion in JSON Parser
Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...
CVE-2022-4985 Vodafone H500s WiFi Password Disclosure via activation.json
Vodafone H500s devices running firmware v3.5.10 hardware model Sercomm VFH500 expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...
CVE-2024-58274
Hikvision CSMP Comprehensive Security Management Platform iSecure Center through 2024-08-01 allows execution of a command within $ in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025...
EUVD-2018-8799
Malware in sbrugna...
EUVD-2018-10354
Malware in sbrugna...
EUVD-2018-0075
Malware in sbrugna...
EUVD-2016-5424
Malware in sbrugna...
EUVD-2007-2377
Malware in sbrugna...