302 matches found

Github Security Blog
added 2026/03/04 9:23 p.m. | 18 views

jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion

Summary: The `UTF8DataInputJsonParser`, which is used when parsing from a `java.io.DataInput` source, bypasses the `maxNestingDepth` constraint (default: 500) defined in `StreamReadConstraints`. A similar issue was found in `ReaderBasedJsonParser`. This allows a user to supply a JSON document with excessive...

8.7 CVSS | 5.8 AI score | 0.00489 EPSS
Exploits 0 | References 7 | Affected Software 1
OSSF Malicious Packages
added 2026/03/03 6:43 a.m. | 5 views

Malicious code in turbo-json-parser (npm)

Source: amazon-inspector a239b53ed6cbc1e72aac660afa08204b9de36dae39068c30cf175ddd390b4fd1 The package turbo-json-parser was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits 0 | References 1
Snyk
added 2026/03/03 6:43 a.m. | 3 views

Malicious Package

Overview: turbo-json-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS | 5.9 AI score
Exploits 0 | References 2
OSV
added 2026/03/03 6:43 a.m. | 4 views

MAL-2026-1213 Malicious code in turbo-json-parser (npm)

Source: amazon-inspector a239b53ed6cbc1e72aac660afa08204b9de36dae39068c30cf175ddd390b4fd1 The package turbo-json-parser was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits 0 | References 1
Snyk
added 2026/02/28 2:1 a.m. | 3 views

Allocation of Resources Without Limits or Throttling

Overview: com.fasterxml.jackson.core:jackson-core is a Core Jackson abstractions, basic JSON streaming API implementation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in which the non-blocking async JSON parser can be made to bypass the...

8.7 CVSS | 6 AI score
Exploits 0 | References 2
GithubExploit
added 2026/02/07 9:8 p.m. | 139 views

fuzzing-portfolio-project

Fuzzing Portfolio Project: Heap Overflow Discovery Author:...

6.1 AI score
Exploits 0
CNNVD
added 2026/01/27 12:0 a.m. | 3 views

SKRoot security vulnerabilities

SKRoot is a Linux kernel root tool developed by abcz316. SKRoot has a security vulnerability, which stems from a null pointer dereferencing in the JSON parsing component cJSON.Cpp, potentially leading to crashes...

8.7 CVSS | 5.8 AI score | 0.00276 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 9:15 a.m. | 17 views

CVE-2022-23460

Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized ASAN build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the...

7.5 CVSS | 6.8 AI score | 0.00603 EPSS
Exploits 0 | References 1
EUVD
added 2025/12/30 4:12 p.m. | 4 views

EUVD-2025-205797

Malicious code in @peterwilson12091/internal-json-test-parser npm...

6.6 AI score
Exploits 0 | References 1
Cvelist
added 2025/12/12 7:40 a.m. | 30 views

CVE-2025-67731 Servify Express does not enforce rate limiting when parsing JSON

Servify Express is a Node.js package to start an Express server and log the port it's running on. Prior to 1.2, the Express server used express.json without a size limit, which could allow attackers to send extremely large request bodies. This can cause excessive memory usage, degraded performanc...

8.7 CVSS | 0.00346 EPSS
Exploits 0 | References 3
Positive Technologies
added 2025/12/12 12:0 a.m. | 3 views

PT-2025-50903

Servify Express is a Node.js package to start an Express server and log the port it's running on. Prior to 1.2, the Express server used express.json without a size limit, which could allow attackers to send extremely large request bodies. This can cause excessive memory usage, degraded performanc...

8.7 CVSS | 6.6 AI score | 0.00346 EPSS
Exploits 0 | References 4
Packet Storm
added 2025/12/05 12:0 a.m. | 163 views

Apache bRPC Stack Overflow

A critical stack overflow vulnerability in Apache bRPC's JSON parser allows remote attackers to crash servers via specially crafted deep recursive JSON data. Versions prior to 1.15.0 are affected...

7.5 CVSS | 7.3 AI score | 0.01453 EPSS
Exploits 2
Cvelist
added 2025/12/01 10:22 a.m. | 3 views

CVE-2025-59789 Apache bRPC: Stack Exhaustion via Unbounded Recursion in JSON Parser

Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...

0.01453 EPSS
Exploits 2 | References 1
Positive Technologies
added 2025/10/21 12:0 a.m. | 2 views

PT-2025-43032

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 141.0.7390.122. Description: An out-of-bounds memory access issue exists in the V8 JavaScript engine within Google Chrome. This flaw allows a remote attacker to perform out-of-bounds memory access by way of a...

10 CVSS | 7.5 AI score | 0.03544 EPSS
Exploits 0 | References 42
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-3403

Malware in sbrugna...

7.5 CVSS | 7.6 AI score | 0.01054 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-12718

Malware in sbrugna...

8.1 CVSS | 7.9 AI score | 0.01095 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-10091

Malware in sbrugna...

7.5 CVSS | 7.6 AI score | 0.00988 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-28530

Malicious code in bioql PyPI...

9.8 CVSS | 9.1 AI score | 0.00806 EPSS
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-28531

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.00603 EPSS
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-0702

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.00793 EPSS
Exploits 1 | References 5