CVE-2025-40929 Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact

Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact...

GO-2025-3924 HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads in github.com/hashicorp/vault

HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads in github.com/hashicorp/vault...

MetaCPAN JSON::XS 安全漏洞

MetaCPAN JSON::XS is a JSON codec module in the Perl language from the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN JSON::XS versions prior to 4.04 that stems from an integer buffer overflow that could lead to a denial of service attack...

Errors returned from JSON marshaling may break template escaping in html/template

...

PT-2025-35723

Name of the Vulnerable Software and Affected Versions cJSON versions 1.5.0 through 1.7.18 Description cJSON versions 1.5.0 through 1.7.18 contain an out-of-bounds access issue within the decode array index from pointer function located in cJSON Utils.c. This allows attackers to bypass array bound...

Linux Distros Unpatched Vulnerability : CVE-2025-26525

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available such as those with TeX Live...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an improper check of complex JSON in the HTTP handler. An attacker can cause excessive memory and CPU consumption by submitting specially-crafted payloads that meet the default...

CVE-2025-5302

The CVE-2025-5302 affects the JSONReader in run-llama/llama_index v0.12.37, where unconstrained recursion on deeply nested JSON can exhaust Python recursion depth, causing high CPU/memory use and potential DoS. The issue is resolved in v0.12.38. Remediation: upgrade llama_index to 0.12.38 or late...

PT-2025-34744

Name of the Vulnerable Software and Affected Versions: egOS WebGUI affected versions not specified Description: The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass...

Linux Distros Unpatched Vulnerability : CVE-2018-1000539

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nov json-jwt version = 0.5.0 && = 0.5.0 && 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM...

CVE-2025-6183

The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message...

CVE-2025-55398

CVE-2025-55398 affects the mouse07410 asn1c fork (through 0.9.29). In UPER decoding, asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits, potentially processing malformed input. Affected: decoders in this asn1c fork; impact is high (per CVSS...

PT-2025-34448 · Mouse07410 · Asn1C

Name of the Vulnerable Software and Affected Versions: mouse07410 asn1c versions through 0.9.29 Description: An issue was discovered in decoders generated by asn1c. When using UPER Unaligned Packed Encoding Rules, the decoders fail to enforce constraints on INTEGER values if the positive bound...

CVE-2025-51606

hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT JSON Web Token creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability poses a critical...

sha.js is missing type checks leading to hash rewind and passing on crafted data

Summary This is the same as GHSA-cpq7-6gpm-g9rc but just for sha.js, as it has its own implementation. Missing input type checks can allow types other than a well-formed Buffer or string, resulting in invalid values, hanging and rewinding the hash state including turning a tagged hash into an...

cipher-base is missing type checks, leading to hash rewind and passing on crafted data

Summary This affects e.g. create-hash and crypto-browserify, so I'll describe the issue against that package Also affects create-hmac and other packages Node.js createHash works only on strings or instances of Buffer, TypedArray, or DataView. Missing input type checks in npm create-hash polyfill ...

ROS-20250821-02

A vulnerability in the BinaryStreamDriver component of the Java library for converting objects to XML or JSON XStream format is related to a buffer overflow on the stack from a manipulated binary input stream. Exploitation of the vulnerability could allow an attacker acting remotely to perform a...

Linux Distros Unpatched Vulnerability : CVE-2023-5072

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amoun...

CVE-2025-6183

The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message...

CVE-2025-6183 Configd Injection

The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message...