12 matches found
CVE-2026-8890
code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...
CVE-2026-40685
In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping...
SUSE CVE-2026-33252
The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTTP transport accepted browser-generated cross-site POST requests without validating the Origin header and without requiring Content-Type: application/json. In deployments without Authorization,...
EUVD-2026-14643
The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTTP transport accepted browser-generated cross-site POST requests without validating the Origin header and without requiring Content-Type: application/json. In deployments without Authorization,...
CVE-2026-33252
The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTTP transport accepted browser-generated cross-site POST requests without validating the Origin header and without requiring Content-Type: application/json. In deployments without Authorization,...
CVE-2025-52667
CVE-2025-52667 affects Revive Adserver: missing JSON Content-Type header validation in a script leads to a stored XSS vulnerability for a logged-in manager user, affecting Revive Adserver 6.0.1, 5.5.2 and earlier. Connected sources (Red Hat, CNVD, NVD, OSV, HackerOne report) confirm XSS risk link...
CVE-2022-29534
An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header...
Malicious code in Be.Vlaaոderen.Basisregisters.Middleware.AdԁProblemJsonHeader (NuGet)
--- -= Per source details. Do not edit below this line.=-...
OSV-2024-38 Heap-buffer-overflow in json_HEADER
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66046 Crash type: Heap-buffer-overflow WRITE 2 Crash state: json_HEADER dwg_read_json llvmfuzz.c...
PT-2023-35983 · Git +1 · Libredwg
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type identified as Heap-double-free. The crash state involves several functions: bit_TV_to_utf8, json_cquote, and json...
json.h buffer error vulnerability
json.h is a simple single header solution for parsing JSON in C and C++ from the individual developer Neil Henning. A security vulnerability exists in sheredom json.h, which stems from the discovery of a buffer overflow vulnerability contained in the json_parse_number function. An attacker can...
json.h buffer error vulnerability
json.h is a simple single header solution for parsing JSON in C and C++ from the individual developer Neil Henning. A security vulnerability exists in json.h, which stems from a buffer overflow in the function json_parse_object in json.h, allowing an attacker to write arbitrary code and gain...