23 matches found
CVE-2026-43874
CVE-2026-43874 affects WWBN AVideo up to version 29.0, involving YPTSocket message handling. The server-side strip that removes autoEvalCodeOnHTML only targets $json['msg'] and not other outbound carriers; the relay logic prefers $msg['json'] when present, causing an unauthenticated attacker who ...
EUVD-2017-18249
Malware in sbrugna...
EUVD-2020-2566
Malware in sbrugna...
EUVD-2021-25347
Malware in sbrugna...
PT-2025-27492 · Unknown · Tiny-Secp256K1
Name of the Vulnerable Software and Affected Versions: tiny-secp256k1 versions prior to 1.1.7 Description: A private key can be extracted when signing a malicious JSON-stringifiable object, affecting environments where the global Buffer is the buffer package. The Buffer.isBuffer check can be...
PT-2025-27493 · Unknown · Tiny-Secp256K1
Name of the Vulnerable Software and Affected Versions: tiny-secp256k1 versions prior to 1.1.7 Description: A malicious JSON-stringifiable message can be made to bypass the Buffer.isBuffer check, resulting in strange objects being accepted as a message. This can trick the verify function into...
CVE-2025-5829
Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers...
Autel MaxiCharger AC Wallbox Commercial Buffer Overflow Vulnerability (CNVD-2025-14947)
Autel MaxiCharger AC Wallbox Commercial is a smart AI electric car charger from Autel USA. The Autel MaxiCharger AC Wallbox Commercial suffers from a buffer overflow vulnerability that stems from a JSON message that fails to properly validate the length and size of the input data, which can be...
CVE-2025-5829
Autel MaxiCharger AC Wallbox Commercial is affected by CVE-2025-5829. The issue is a stack-based buffer overflow in JSON message handling caused by insufficient validation of user-supplied data before copying to a fixed-length buffer, enabling remote code execution. Impact: requires physical acce...
CVE-2025-5829 Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability
Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers...
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of JSON messages...
CVE-2021-38910
IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID:...
Input validation
IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID:...
CVE-2019-12086
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...
Raining SYSTEM Shells with Citrix Workspace app
TL;DR Citrix Workspace is vulnerable to a remote command execution attack running under the context of the SYSTEM account. By sending a crafted message over a named pipe and spoofing the client process ID, the Citrix Workspace Updater Service can be tricked into executing an arbitrary process und...
CVE-2019-12814
A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files. Mitigation This vulnerability relies on jdom...
Security Bulletin: IBM Event Streams is affected by jackson-databind vulnerability CVE-2019-12086
Summary IBM Event Streams has addressed the following vulnerability Vulnerability Details CVEID: CVE-2019-12086 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a Polymorphic Typing issue that occurs due to missing...
Information exposure in FasterXML jackson-databind
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...