
123 matches found

Cvelist
added 2026/02/09 5:00 a.m. · 32 views

CVE-2026-1615

Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can...

CVSS 9.8 · EPSS 0.00834
Exploits 0 · References 4
Positive Technologies
added 2026/02/09 12:00 a.m. · 6 views

PT-2026-7066

Name of the Vulnerable Software and Affected Versions: jsonpath, affected versions not specified. Description: The package jsonpath is susceptible to Arbitrary Code Injection due to unsafe evaluation of user-supplied JSON Path expressions. The library utilizes the static-eval module to process JSON...

CVSS 9.8 · AI score 5.9 · EPSS 0.00834
Exploits 0 · References 102
RedhatCVE
added 2025/12/18 11:36 p.m. · 5 views

CVE-2025-68433

Zed, a code editor, has an arbitrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from the settings.json file located within a project's .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...

CVSS 7.7 · AI score 7.7 · EPSS 0.00252
Exploits 1 · References 1
IBM Security Bulletins
added 2025/12/15 3:26 p.m. · 10 views

Security Bulletin: Rational Performance Tester contains a vulnerability which could result in a denial of service

Summary: Due to the use of the json-path library, Rational Performance Tester contains a vulnerability which could result in a potential denial of service attack. Vulnerability Details: CVEID: CVE-2023-51074. DESCRIPTION: json-path v2.8.0 was discovered to contain a stack overflow via the...

CVSS 5.3 · AI score 6.6 · EPSS 0.0067
Exploits 1 · Affected Software 1
IBM Security Bulletins
added 2025/12/12 3:25 p.m. · 10 views

Security Bulletin: Vulnerabilities in Eran Hammer cryptiles, PostCSS, Node.js, node-notifier, es5-ext, MySQL Connectors, json-path and tough-cookie might affect IBM Storage Defender Copy Data Management

Summary: IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Eran Hammer cryptiles, PostCSS, Node.js, node-notifier, es5-ext, MySQL Connectors, json-path and tough-cookie. Vulnerabilities include one in which an attacker is able to brute force something that was supposed to be random, ...

CVSS 9.8 · AI score 7.5 · EPSS 0.02508
Exploits 6 · Affected Software 1
OSV
added 2025/10/29 10:21 p.m. · 5 views

GHSA-7P73-8JQX-23R8 LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore

Summary: LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization, allowing attackers to inject arbitrary SQL and bypass access controls. Details: /langgraph/libs/checkpoint-sqlite/langgraph/store/sqlite/base.py...

CVSS 7.3 · AI score 7.2 · EPSS 0.00163
Exploits 0 · References 4
Positive Technologies
added 2025/10/03 12:00 a.m. · 6 views

PT-2025-40542

Name of the Vulnerable Software and Affected Versions: Cursor versions 1.7 and below. Description: Cursor CLI Agent does not adequately protect its sensitive files, specifically /.cursor/cli.json. This allows attackers to modify the content of these files through prompt injection, potentially leadin...

CVSS 8.8 · AI score 8.1 · EPSS 0.00375
Exploits 0 · References 5
RedhatCVE
added 2025/05/22 8:21 a.m. · 7 views

CVE-2019-10748

Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects...

CVSS 9.8 · AI score 8 · EPSS 0.01315
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 4:20 a.m. · 7 views

CVE-2019-10749

sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect...

CVSS 9.8 · AI score 7.9 · EPSS 0.01228
Exploits 1 · References 1
Tenable Nessus
added 2025/03/05 12:00 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2023-51074

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse method. CVE-2023-51074 Note that Nessus relies on the presence of the package...

CVSS 5.3 · AI score 6.8 · EPSS 0.0067
Exploits 1 · References 2
IBM Security Bulletins
added 2025/02/07 10:39 a.m. · 23 views

Security Bulletin: Vulnerability in json-path affects watsonx.data

Summary: json-path is vulnerable to a stack-based buffer overflow allowing an attacker to cause an uncontrolled recursion which results in a denial of service condition. This affects watsonx.data. Vulnerability Details: CVEID: CVE-2023-51074. DESCRIPTION: json-path is vulnerable to a denial of servic...

CVSS 5.3 · AI score 7.1 · EPSS 0.0067
Exploits 1 · Affected Software 1
CNNVD
added 2024/09/26 12:00 a.m. · 9 views

Shields injection vulnerability

Shields is an open-source project of Shields. An injection vulnerability exists in versions prior to Shields server-2024-09-25, stemming from the JSONPath library used by dynamic JSON/TOML/YAML badges, which can be used against Shields.io instances...

CVSS 8.8 · AI score 7.1 · EPSS 0.00971
Exploits 0 · References 5
Positive Technologies
added 2024/08/16 12:00 a.m. · 4 views

PT-2024-40884 · Fastjson2 · Fastjson2

Name of the Vulnerable Software and Affected Versions: fastjson2 affected versions not specified Description: The issue is related to a security exception in the fastjson2 library. A crash occurs due to a cycle in the JSONPathSegment, specifically in the CycleNameSegment$MapLoop.accept method. Th...

AI score 6.9
Exploits 0 · References 2
IBM Security Bulletins
added 2024/07/22 9:27 a.m. · 33 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the json-path component (CVE-2023-51074).

Summary: IBM Event Streams is vulnerable to a denial of service attack due to the json-path component. JSON-Path is a query language for JSON, similar to XPath for XML. It allows us to select and extract data from a JSON document. We use a JSON-Path expression to traverse the path to an element in...

CVSS 5.3 · AI score 5.8 · EPSS 0.0067
Exploits 1 · Affected Software 1
Cvelist
added 2024/07/12 2:08 p.m. · 24 views

CVE-2024-38706 WordPress HT Mega plugin <= 2.5.7 - JSON Path Traversal vulnerability

Path Traversal: '.../...//' vulnerability in DevItems HT Mega ht-mega-for-elementor. This issue affects HT Mega: from n/a through <= 2.5.7...

CVSS 6.5 · EPSS 0.00704
Exploits 0 · References 1
Patchstack
added 2024/07/11 10:28 a.m. · 5 views

WordPress HT Mega plugin <= 2.5.7 - JSON Path Traversal vulnerability

JSON Path Traversal vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin HT Mega versions <= 2.5.7...

CVSS 8.8 · AI score 7 · EPSS 0.00704
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2024/06/07 2:47 p.m. · 21 views

Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnerable to denial of service due to json-path (CVE-2023-51074)

Summary: B2B API of IBM Sterling B2B Integrator is vulnerable to denial of service due to json-path (CVE-2023-51074). IBM Sterling B2B Integrator has remediated this vulnerability. Follow the steps identified in the Remediation/Fixes section to address the vulnerability in your environment. Vulnerability Details...

CVSS 5.3 · AI score 5.7 · EPSS 0.0067
Exploits 1 · Affected Software 1
RedHat Linux
added 2024/05/30 8:24 p.m. · 7 views

json-path: stack-based buffer overflow in Criteria.parse method

A stack overflow vulnerability was found in the Criteria.parse method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service...

CVSS 5.3 · AI score 7.3 · EPSS 0.0067
Exploits 1 · References 5
RedHat Linux
added 2024/05/06 2:10 p.m. · 2 views

json-path: stack-based buffer overflow in Criteria.parse method

A stack overflow vulnerability was found in the Criteria.parse method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service...

CVSS 5.3 · AI score 7.3 · EPSS 0.0067
Exploits 1 · References 5
IBM Security Bulletins
added 2024/04/25 5:20 a.m. · 24 views

Security Bulletin: IBM Event Endpoint Management is vulnerable to a denial of service attack (CVE-2023-51074).

Summary: IBM Event Endpoint Management is vulnerable to a denial of service due to the json-path component, caused by a stack-based buffer overflow in the Criteria.parse method. JSON-Path is a query language for JSON, similar to XPath for XML. It allows you to select and extract data from a JSON document...

CVSS 5.3 · AI score 5.7 · EPSS 0.0067
Exploits 1 · Affected Software 1