Vulmon
json project json vulnerabilities and exploits
NA
CVE-2023-52265
IDURAR (aka idurar-erp-crm) up to and including 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data.
Idurar Project Idurar
668
VMScore
CVE-2021-23820
This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays.
Jsonpointer Project Jsonpointer -
356
VMScore
CVE-2017-7589
In OpenIDM up to and including 4.0.0 prior to 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related to a m...
Openidm Project Openidm
Openidm Project Openidm 4.5.0
445
VMScore
CVE-2019-15550
An issue exists in the simd-json crate prior to 0.1.15 for Rust. There is an out-of-bounds read and an incorrect crossing of a page boundary.
Simdjson Project Simdjson
668
VMScore
CVE-2018-19558
An issue exists in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php.
Arcms Project Arcms
383
VMScore
CVE-2021-43635
A Cross Site Scripting (XSS) vulnerability exists in Codex prior to 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file.
Codex Project Codex
NA
CVE-2022-38493
Rhonabwy 0.9.99 up to and including 1.1.x prior to 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows malicious users to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token.
Rhonabwy Project Rhonabwy
NA
CVE-2023-38337
rswag prior to 2.10.1 allows remote malicious users to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project.
Rswag Project Rswag
516
VMScore
CVE-2018-17937
gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote malicious users to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.
Gpsd Project Gpsd
Microjson Project Microjson
Debian Debian Linux 8.0
Debian Debian Linux 9.0
383
VMScore
CVE-2017-16881
b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService...
Symphony Project Symphony 2.2.0