Lucene search
+L

388 matches found

CVE
CVE
added 4 days ago254 views

CVE-2026-30623

CVE-2026-30623 affects LiteLLM 1.18.10 via the MCP server creation feature. The vulnerability arises when MCP configuration JSON can set arbitrary values for command and args, which LiteLLM executes on the host without validation, enabling remote code execution with the LiteLLM process privileges...

9.8CVSS6.6AI score0.00944EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-30623

LiteLLM 1.18.10 contains a remote code execution vulnerability in its MCP server creation functionality. The application allows users to add MCP servers via a JSON configuration specifying arbitrary command and args values. LiteLLM executes these values on the host without validation, enabling...

0.00944EPSS
Exploits0References3
OSV
OSV
added 6 days ago7 views

CVE-2026-61505 Rejetto HFS < 3.2.1 Limited File Disclosure via Path Traversal in lang Parameter

Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter, permitting a remote unauthenticated attacker to read certain JSON files outside the shared folders. Exploitation is constrained to files matching a narrow naming and format pattern, limiting practical impact...

6.9CVSS6.1AI score0.00452EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 6 days ago13 views

Linux Distros Unpatched Vulnerability : CVE-2026-49844

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issu...

7.5CVSS5.5AI score0.00659EPSS
Exploits0References3
Fedora
Fedora
added 2026/07/09 12:57 a.m.13 views

[SECURITY] Fedora 44 Update: rust-jiter-0.16.0-1.fc44

Fast Iterable JSON parser...

5.9AI score
Exploits0
Fedora
Fedora
added 2026/07/09 12:57 a.m.18 views

[SECURITY] Fedora 44 Update: python-jiter-0.16.0-1.fc44

Fast iterable JSON parser...

5.9AI score
Exploits0
OSV
OSV
added 2026/07/06 8:10 p.m.3 views

OPENSUSE-SU-2026:21210-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251453. -...

10CVSS7AI score0.91969EPSS
Exploits3References31
RedhatCVE
RedhatCVE
added 2026/07/03 8:28 a.m.10 views

CVE-2026-9563

A flaw was found in Eclipse Parsson. The JSON parser did not enforce a default maximum on the number of characters consumed while processing a single JSON document. A remote attacker could exploit this by providing a very large, specially crafted JSON document. This could force applications to...

7.5CVSS6AI score0.00366EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.15 views

PT-2026-54936

Name of the Vulnerable Software and Affected Versions Eclipse Parsson versions prior to 1.1.8 Description The JSON parser does not enforce a default maximum on the number of characters consumed when parsing a single JSON document. This allows an attacker to provide specially crafted JSON document...

7.5CVSS5.9AI score0.00366EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/29 7:11 p.m.25 views

CVE-2026-53426 Atom-table exhaustion denial-of-service via JSON parse_document in MDEx

Allocation of Resources Without Limits or Throttling vulnerability in leandrocp MDEx allows Excessive Allocation. MDEx.parsedocument/2 accepts a :json, json source. In lib/mdex.ex, the private jsontonode/1 function passes the attacker-controlled nodetype value to Module.concat/1, which calls...

8.2CVSS0.00126EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 11:50 a.m.10 views

PYSEC-2026-319 Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API

Summary The safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT start with underscore, enabling a complete sandbox escape to achieve...

9.8CVSS6.6AI score0.0045EPSS
Exploits2References7
OSV
OSV
added 2026/06/27 12:1 a.m.3 views

RLSA-2023:6976 Moderate: libfastjson security update

The libfastjson library provides essential JavaScript Object Notation JSON handling functions. The library enables users to construct JSON objects in C, output them as JSON-formatted strings, and convert JSON-formatted strings back to the C representation of JSON objects. Security Fixes: json-c,...

7.8CVSS5.8AI score0.01888EPSS
Exploits1References2
NVD
NVD
added 2026/06/26 9:16 p.m.15 views

CVE-2026-54350

Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection and, where the builder has published a PUBLIC write...

10CVSS0.00538EPSS
Exploits2References1
EUVD
EUVD
added 2026/06/25 12:33 a.m.9 views

EUVD-2026-39145

Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.5AI score0.00689EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:14 p.m.5 views

CVE-2026-9785

Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/24 7:43 p.m.18 views

CVE-2026-48028

Mastodon (open-source social network server) versions prior to 4.5.10, 4.4.17, and 4.3.23 are affected. The vulnerability arises from how incoming activities signed with Linked-Data Signatures are normalized, failing to adequately protect against a class of spoofing that lets an attacker remove J...

6.5CVSS5.9AI score0.00124EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 7:40 p.m.23 views

CVE-2026-46349 Mastodon: LD-Signature Bypass via JSON-LD Named-Graph Restructuring

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing attackers to...

5.3CVSS0.00162EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.26 views

PT-2026-51140

Name of the Vulnerable Software and Affected Versions WordPress Time Capsule Plugin version 1.21.16 Description An authentication bypass allows unauthenticated attackers to gain administrative access by sending a crafted POST request containing the IWP JSON PREFIX header. This flaw enables the...

8.7CVSS5.9AI score0.00398EPSS
Exploits0References8
NVD
NVD
added 2026/06/16 10:16 a.m.13 views

CVE-2026-10825

A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot...

7.1CVSS0.0024EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 4:5 p.m.3 views

CVE-2026-49847 FreeSWITCH: Stack overflow in bundled cJSON parser via deeply nested JSON

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes...

7.5CVSS5.9AI score0.00414EPSS
Exploits0References4
Rows per page
Query Builder