json project json vulnerabilities and exploits
5.4
CVSSv3
CVE-2023-52265
IDURAR (aka idurar-erp-crm) up to and including 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data.
Idurar Project Idurar
9.8
CVSSv3
CVE-2021-23820
This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays.
Jsonpointer Project Jsonpointer -
6.5
CVSSv3
CVE-2017-7589
In OpenIDM up to and including 4.0.0 prior to 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related to a m...
Openidm Project Openidm
Openidm Project Openidm 4.5.0
7.5
CVSSv3
CVE-2019-15550
An issue exists in the simd-json crate prior to 0.1.15 for Rust. There is an out-of-bounds read and an incorrect crossing of a page boundary.
Simdjson Project Simdjson
9.8
CVSSv3
CVE-2018-19558
An issue exists in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php.
Arcms Project Arcms
6.1
CVSSv3
CVE-2021-43635
A Cross Site Scripting (XSS) vulnerability exists in Codex prior to 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file.
Codex Project Codex
7.5
CVSSv3
CVE-2022-38493
Rhonabwy 0.9.99 up to and including 1.1.x prior to 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows malicious users to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token.
Rhonabwy Project Rhonabwy
7.5
CVSSv3
CVE-2023-38337
rswag prior to 2.10.1 allows remote malicious users to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project.
Rswag Project Rswag
8.8
CVSSv3
CVE-2018-17937
gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote malicious users to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.
Gpsd Project Gpsd
Microjson Project Microjson
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.1
CVSSv3
CVE-2017-16881
b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService...
Symphony Project Symphony 2.2.0