Lucene search
K

9 matches found

CVE
CVE
added 2026/02/26 12:47 a.m.22 views

CVE-2026-27896

The CVE-2026-27896 concerns the Go MCP SDK, affected in versions prior to 1.3.1, where Go’s json.Unmarshal (case-insensitive field matching) could accept non-standard JSON-RPC/MCP field casing. This violates JSON-RPC 2.0’s exact field names and could allow messages to bypass intermediary inspecti...

7.5CVSS5.3AI score0.00255EPSS
Exploits0References5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/19 12:52 p.m.6 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to json-20190722.jar

Summary IBM webMethods BPM uses json-20190722.jar for reading and parsing of JSON data. Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite...

7.5CVSS6.8AI score0.01449EPSS
Exploits6Affected Software1
OSV
OSV
added 2025/11/19 10:15 a.m.6 views

AZL-70583 CVE-2025-11230 affecting package haproxy for versions less than 2.9.11-4

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests...

7.5CVSS7.2AI score0.00479EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-3046

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00822EPSS
Exploits0References4
Gitee
Gitee
added 2025/07/27 3:22 a.m.192 views

java-sec-code

This is an offensive tool for Java web applications. It is a collection of Java web common vulnerabilities and security code, based on Spring Boot and Spring Security. The repository contains various types of vulnerabilities, including actuators to RCE, command inject, CORS, CRLF injection, CSRF,...

7.4AI score
Exploits0
CVE
CVE
added 2025/07/07 9:55 a.m.21 views

CVE-2025-5472

The CVE-2025-5472 entry concerns run-llama/llama_index’s JSONReader. Versions prior to 0.12.38 are vulnerable to a stack overflow/DoS via uncontrolled recursive JSON parsing when processing deeply nested structures. Root cause is unsafe recursive traversal with no depth validation, causing Recurs...

6.5CVSS6.5AI score0.00338EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2024/05/30 8:24 p.m.2 views

json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...

7.5CVSS7.2AI score0.01119EPSS
Exploits1References6
GithubExploit
GithubExploit
added 2022/11/20 6:1 p.m.979 views

Exploit for Uncontrolled Recursion in Owasp Modsecurity

Detection-and-Mitigation-script-for-CVE-2021-42717 Detection a...

7.5CVSS7.8AI score0.03206EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2021/06/03 11:21 a.m.1 views

rubygem-json: Unsafe object creation vulnerability in JSON

A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269...

7.5CVSS7.2AI score0.06811EPSS
Exploits0References5
Rows per page
Query Builder