52 matches found
ROOT-APP-NPM-CVE-2025-1302 CVE-2025-1302 in @rootio/jsonpath-plus - Patched by Root
Root has patched CVE-2025-1302 in the @rootio/jsonpath-plus package for Root:npm. Multiple fixed versions available...
JSONPath Plus < 10.3.0 - Remote Code Execution
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...
Exploit for CVE-2025-1302
Research: jsonpath-plus RCE CVE-2025-1302 Analysis !Securi...
JSONPath Plus Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in JSONPath Plus library versions prior to 10.3.0. The vulnerability allows arbitrary JavaScript code execution through malicious JSONPath expressions...
VulnCheck KEV: CVE-2025-1302
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in jsonpath-plus-10.2.0.tgz
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of jsonpath-plus-10.2.0.tgz. Vulnerability Details: CVEID: CVE-2025-1302. DESCRIPTION: Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacke...
Exploit for CVE-2025-1302
CVE-2025-1302 JSONPath-Plus RCE PoC PoC Script Name: po...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in jsonpath-plus-0.19.0.tgz
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of jsonpath-plus-0.19.0.tgz. Vulnerability Details: CVEID: CVE-2024-21534. DESCRIPTION: All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Remote Code Execution and improper preservation of permissions due to jsonpath-plus & snowflake-sdk (CVE-2025-1302 & CVE-2025-24791)
Summary: IBM App Connect Enterprise runtime, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to Remote Code Execution (RCE) and improper preservation of permissions due to jsonpath-plus & snowflake-sdk. Vulnerabilit...
Security Bulletin: Vulnerability in jsonpath-plus affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary: A potential vulnerability in jsonpath-plus has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
Security Bulletin: IBM Event Streams is vulnerable to Remote Code Execution (RCE) attack due to jsonpath-plus (CVE-2025-1302).
Summary: IBM Event Streams is vulnerable to Remote Code Execution (RCE) due to the jsonpath-plus package, which is typically used for querying and extracting specific data from complex JSON documents, helping in parsing message payloads, filtering data within topics, and extracting specific fields f...
Security Bulletin: Vulnerability in Jsonpath-plus affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary: A potential vulnerability in Jsonpath-plus has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2024-21534. DESCRIPTION: Jsonpath-plus could all...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution [CVE-2025-1302]
Summary: Node.js module jsonpath-plus is used by IBM App Connect Enterprise Certified Container for processing JSON data. IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability ...
Exploit for CVE-2025-1302
CVE-2025-1302 ★ CVE-2025-1302 JSONPath-plus RCE PoC ★ https...
Remote Code Execution (RCE)
jsonpath-plus is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper input sanitization, specifically because of the unsafe default usage of eval='safe' mode, which allows an attacker to execute arbitrary code on the system...
CVE-2025-1302
A flaw was found in jsonpath-plus. This vulnerability allows remote code execution (RCE) via improper input sanitization, exploiting the unsafe default usage of eval='safe' mode. Mitigation: Red Hat Product Security recommends updating the vulnerable software to the latest version...
@0xc/serverless-offline-aws-sqs (>=1.0.0 <=2.0.3), @1eg/cert-manager-to-azion (>=0.0.1 <=0.2.0) +3062 more potentially affected by CVE-2024-21534 +1 more via jsonpath-plus (>=0.12.0 <=10.2.0)
jsonpath-plus NPM version =0.12.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1-alpha, =0.4.0-next.10, =0.7.0, =0.0.1, =1.0.0, =1.0.98-alpha.0, =1.3.65-alpha.0, =1.27.0, =0.0.1, =1.0.0-atomist-update-latest-1544450968007.20181210141037, =1.0.0-atomist-update-latest-1544451015596.20181210141150,...
GHSA-HW8R-X6GR-5GJP JSONPath Plus allows Remote Code Execution
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...
JSONPath Plus allows Remote Code Execution
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...
CVE-2025-1302
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...