CVE-2025-6183
The StrongDM macOS client is affected by CVE-2025-6183 due to how it processes JSON-formatted messages, allowing an attacker to potentially modify macOS system configuration by crafting a malicious JSON payload. Documents confirm the affected product (StrongDM macOS client) and the underlying cau...
PT-2025-34126 · Strongdm · Strongdm Macos Client
Name of the Vulnerable Software and Affected Versions: StrongDM macOS client (affected versions not specified). Description: The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message...
Linux Distros Unpatched Vulnerability : CVE-2019-17531
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific...
BIT-HELM-2025-55199 Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and be terminated for running out of memory (OOM). This issue has been resolved in Helm 3.18.5. A workaround involves...
Linux Distros Unpatched Vulnerability : CVE-2019-1010083
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data...
Exploit for CVE-2024-28397
CVE-2024-28397-command-execution-poc This vulnerability arises...
MAL-2025-12103 Malicious code in @zalastax/nolb-json-l (npm)
The package @zalastax/nolb-json-l was found to contain malicious code...
Malicious code in @zalastax/nolb-json-z (npm)
The package @zalastax/nolb-json-z was found to contain malicious code...
MAL-2025-12113 Malicious code in @zalastax/nolb-json-v (npm)
The package @zalastax/nolb-json-v was found to contain malicious code...
ROS-20250814-06
A vulnerability in the iperf3 network throughput measurement tool is related to incorrect processing of test parameters passed to the server in JSON format. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of...
CVE-2025-52386
CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file...
Allocation of Resources Without Limits or Throttling
Overview org.bouncycastle:bcprov-ext-jdk15to18 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attacker can cause excessive resource allocation by submitting specially crafted ASN.1...
CVE-2025-52386
CVE-2025-52386 affects CycloneDX Sunshine v0.9. The issue arises when processing JSON input without validating formulas, enabling a CSV Formula Injection via crafted JSON files. Potential impact includes injection into downstream CSV, depending on how the data are consumed. The connected document...
Wazuh server remote code execution caused by an unsafe deserialization vulnerability.
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are serialized as JSON and...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ASN1ObjectIdentifier. An attacker can cause excessive resource consumption by submitting specially crafted ASN.1 Object Identifiers, potentially leading to service disruption...
mod_security: ModSecurity Denial of Service Vulnerability
A denial of service flaw was found in ModSecurity. The sanitiseArg/sanitizeArg function can be overloaded with a large number of arguments, which will lead to excessive memory usage when processing JSON values. This may lead to a denial of service in the affected w...
Linux Distros Unpatched Vulnerability : CVE-2024-51491
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - notion-go is a collection of libraries supporting signing and verifying OCI artifacts, based on Notary Project specifications. The issue was identified during...