Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
json vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-24839
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS.This issue affects Structured Content (JSON-LD) #wpsc: from n/a up to and includ...
Wpsc-plugin Structured Content
NA
CVE-2023-6267
A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configurati...
Quarkus Quarkus
Quarkus Quarkus 3.2.9
Quarkus Quarkus 2.13.9
NA
CVE-2023-36177
An issue exists in badaix Snapcast version 0.27.0, allows remote malicious users to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API.
Badaix Snapcast
NA
CVE-2024-23732
The JSON loader in Embedchain prior to 0.1.57 allows a ReDoS (regular expression denial of service) via a long string to json.py.
Embedchain Embedchain
NA
CVE-2024-22424
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same pare...
Linuxfoundation Argo-cd
Linuxfoundation Argo-cd 2.10.0
NA
CVE-2024-0405
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'devic...
Burst-statistics Burst Statistics
NA
CVE-2023-46943
An issue exists in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWT...
Evershop Evershop 1.0.0
NA
CVE-2023-50919
An issue exists on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4....
Gl-inet Gl-ax1800 Firmware 4.3.7
Gl-inet Gl-ax1800 Firmware 4.4.6
Gl-inet Gl-axt1800 Firmware 4.3.7
Gl-inet Gl-axt1800 Firmware 4.4.6
Gl-inet Gl-mt3000 Firmware 4.3.7
Gl-inet Gl-mt3000 Firmware 4.4.6
Gl-inet Gl-mt2500 Firmware 4.3.7
Gl-inet Gl-mt2500 Firmware 4.4.6
Gl-inet Gl-mt6000 Firmware 4.3.7
Gl-inet Gl-mt6000 Firmware 4.4.6
Gl-inet Gl-mt1300 Firmware 4.3.7
Gl-inet Gl-mt1300 Firmware 4.4.6
Gl-inet Gl-mt300n-v2 Firmware 4.3.7
Gl-inet Gl-mt300n-v2 Firmware 4.4.6
Gl-inet Gl-ar750s Firmware 4.3.7
Gl-inet Gl-ar750s Firmware 4.4.6
Gl-inet Gl-ar750 Firmware 4.3.7
Gl-inet Gl-ar750 Firmware 4.4.6
Gl-inet Gl-ar300m Firmware 4.3.7
Gl-inet Gl-ar300m Firmware 4.4.6
Gl-inet Gl-b1300 Firmware 4.3.7
Gl-inet Gl-b1300 Firmware 4.4.6
1 Metasploit module
NA
CVE-2023-6223
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible f...
Thimpress Learnpress
NA
CVE-2024-21669
Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifyin...
Hyperledger Aries Cloud Agent
Hyperledger Aries Cloud Agent 0.11.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »