211 matches found

Cvelist
added 2025/06/26 2:7 p.m. · 9 views

CVE-2025-6709 Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication

The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. Thi...

CVSS 7.5 · EPSS 0.00466
Exploits: 0 · References: 1

Vulnrichment
added 2025/06/26 2:7 p.m. · 6 views

CVE-2025-6709 Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication

The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. Thi...

CVSS 7.5 · AI score 7.1 · EPSS 0.00466
Exploits: 0 · References: 1

CVE
added 2025/06/26 2:7 p.m. · 175 views

CVE-2025-6709

CVE-2025-6709 describes a denial-of-service vulnerability in MongoDB Server caused by improper handling of specific date values in JSON input when using OIDC authentication. Affected are MongoDB Server versions prior to 7.0.17 (7.0.x), prior to 8.0.5 (8.0.x), and prior to 6.0.21 (6.0.x). In v7.0/...

CVSS 7.5 · AI score 7.1 · EPSS 0.00466
Exploits: 0 · References: 1 · Affected Software: 1

MongoDB
added 2025/06/26 11:32 a.m. · 9 views

Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication

The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. Thi...

CVSS 7.5 · AI score 7 · EPSS 0.00466
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/06/26 12:0 a.m. · 4 views

PT-2025-26973

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 6.0.21 MongoDB Server versions 7.0.0 through 7.0.16 MongoDB Server versions 8.0.0 through 8.0.4 Description: The MongoDB Server is susceptible to a denial of service issue due to improper handling of specific...

CVSS 8.8 · AI score 7.9 · EPSS 0.00466
Exploits: 0 · References: 32

FreeBSD
added 2025/06/26 12:0 a.m. · 5 views

MongoDB -- Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication

NVD reports: The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and serv...

CVSS 7.5 · AI score 7.2 · EPSS 0.00466
Exploits: 0 · References: 1

Tenable Nessus
added 2025/06/26 12:0 a.m. · 7 views

FreeBSD : MongoDB -- Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication (5b87eef6-52aa-11f0-b522-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5b87eef6-52aa-11f0-b522-b42e991fc52e advisory. NVD reports: The MongoDB Server is susceptible to a denial of service vulnerability due to improper...

CVSS 7.5 · AI score 7.7 · EPSS 0.00466
Exploits: 0 · References: 3

Tenable Nessus
added 2025/06/11 12:0 a.m. · 6 views

EulerOS 2.0 SP12 : yajl (EulerOS-SA-2025-1608)

According to the versions of the yajl package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in...

CVSS 7.5 · AI score 7.1 · EPSS 0.03735
Exploits: 1 · References: 2

Atlassian
added 2025/06/05 6:8 a.m. · 17 views

DoS (Denial of Service) Third-Party Dependency in Crowd Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 6.1.0 and 6.2.0 of Crowd Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated...

CVSS 7.5 · AI score 7.8 · EPSS 0.01119
Exploits: 1

RedhatCVE
added 2025/05/23 11:40 a.m. · 6 views

CVE-2025-0695

An Allocation of Resources Without Limits or Throttling vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input...

CVSS 5.3 · AI score 6.8 · EPSS 0.00349
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 9:35 p.m. · 12 views

CVE-2021-43853

Ajax.NET Professional AjaxPro is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation...

CVSS 8.7 · AI score 6.2 · EPSS 0.00824
Exploits: 0

RedhatCVE
added 2025/05/22 5:54 p.m. · 8 views

CVE-2020-7965

flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made...

CVSS 8.8 · AI score 6.7 · EPSS 0.00488
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 3:25 a.m. · 7 views

CVE-2011-2532

The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service infinite loop via invalid JSON data, as demonstrated by truncated data...

CVSS 5 · AI score 6.9 · EPSS 0.01447
Exploits: 0 · References: 1

Tenable Nessus
added 2025/05/20 12:0 a.m. · 6 views

Atlassian Jira Service Management Data Center and Server 5.12.4 < 5.12.22 / 5.13.x < 10.3.5 / 10.4.x < 10.5.1 DoS (JSDSERVER-16144)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a denial of service vulnerability as referenced in the JSDSERVER-16144 advisory. - A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading...

CVSS 7.5 · AI score 6.2 · EPSS 0.01119
Exploits: 1 · References: 2

OSV
added 2025/05/06 9:16 p.m. · 11 views

CVE-2025-0649

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash...

CVSS 7.5 · AI score 6.8
Exploits: 0 · References: 1

Vulnrichment
added 2025/05/06 8:20 p.m. · 18 views

CVE-2025-0649 Stack Exhaustion In Tensorflow Serving

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash...

CVSS 8.9 · AI score 6.9 · EPSS 0.00182
Exploits: 0 · References: 1

CVE
added 2025/05/06 8:20 p.m. · 77 views

CVE-2025-0649

CVE-2025-0649 affects Google’s TensorFlow Serving up to version 2.18.0, where an incorrect JSON input stringification can lead to potentially unbounded recursion and a server crash. Root cause: improper handling of JSON inputs in the serving component. Impact: high availability risk (server crash...

CVSS 8.9 · AI score 6.6 · EPSS 0.00182
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/05/06 8:20 p.m. · 42 views

CVE-2025-0649 Stack Exhaustion In Tensorflow Serving

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash...

CVSS 8.9 · EPSS 0.00182
Exploits: 0 · References: 1

Positive Technologies
added 2025/05/06 12:0 a.m. · 5 views

PT-2025-19869 · Unknown · Tensorflow

Name of the Vulnerable Software and Affected Versions: Tensorflow serving versions up to 2.18.0 Description: The issue is related to incorrect JSON input stringification in Tensorflow serving, which allows for potentially unbounded recursion. This can lead to a server crash. Recommendations: For...

CVSS 8.9 · AI score 6.2 · EPSS 0.00182
Exploits: 0 · References: 8

Snyk
added 2025/04/14 9:32 p.m. · 4 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow through the apply function in org/jsonschema2pojo/rules/SchemaRule.java. An attacker can execute arbitrary code or cause denial of service by manipulating the JSON file input to trigger a stack-based buffer...

CVSS 5.3 · AI score 7.8 · EPSS 0.0017
Exploits: 0 · References: 2