Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
json vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-18854
Lightbend Spray spray-json up to and including 1.3.4 allows remote malicious users to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code).
Lightbend Spray-json
4.3
CVSSv3
CVE-2023-50772
Jenkins Dingding JSON Pusher Plugin 2.0 and previous versions stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
Jenkins Dingding Json Pusher
4.3
CVSSv3
CVE-2023-50773
Jenkins Dingding JSON Pusher Plugin 2.0 and previous versions does not mask access tokens displayed on the job configuration form, increasing the potential for malicious users to observe and capture them.
Jenkins Dingding Json Pusher
9.8
CVSSv3
CVE-2022-41382
The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.
Democritus D8s-json 0.1.0
7.5
CVSSv3
CVE-2023-48238
joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens (JWT) which are a compact URL-safe means of representing claims to be transferred between two parties. Affected versions of the json-web-token library are vulnerable to a JWT algorithm conf...
Joaquimserafim Json Web Token
9.8
CVSSv3
CVE-2022-47937
Improper input validation in the Apache Sling Commons JSON bundle allows an malicious user to trigger unexpected errors by supplying specially-crafted input. The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers ar...
Apache Sling Commons Json
7.5
CVSSv3
CVE-2023-3040
A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14) contained an out of bounds access bug that could have allowed an malicious user to launch a DoS if the function was used to parse untrusted input data. It i...
Cloudflare Lua-resty-json
9.8
CVSSv3
CVE-2021-4279
A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3.1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The att...
Starcounter-jack Json-patch
5.3
CVSSv3
CVE-2023-51074
json-path v2.8.0 exists to contain a stack overflow via the Criteria.parse() method.
Json-path Jayway Jsonpath 2.8.0
2 Github repositories
5.9
CVSSv3
CVE-2021-27568
An issue exists in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 up to and including 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash o...
Json-smart Project Json-smart-v1
Json-smart Project Json-smart-v2
Oracle Weblogic Server 12.2.1.3.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Weblogic Server 14.1.1.0.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Utilities Framework 4.4.0.3.0
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Oss Support Tools
3 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »