Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
json vulnerabilities and exploits
(subscribe to this query)
8.3
CVSSv3
CVE-2024-22424
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same pare...
Linuxfoundation Argo-cd
Linuxfoundation Argo-cd 2.10.0
6.5
CVSSv3
CVE-2024-0405
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'devic...
Burst-statistics Burst Statistics
9.1
CVSSv3
CVE-2023-46943
An issue exists in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWT...
Evershop Evershop 1.0.0
9.8
CVSSv3
CVE-2023-50919
An issue exists on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4....
Gl-inet Gl-ax1800 Firmware 4.3.7
Gl-inet Gl-ax1800 Firmware 4.4.6
Gl-inet Gl-axt1800 Firmware 4.3.7
Gl-inet Gl-axt1800 Firmware 4.4.6
Gl-inet Gl-mt3000 Firmware 4.3.7
Gl-inet Gl-mt3000 Firmware 4.4.6
Gl-inet Gl-mt2500 Firmware 4.3.7
Gl-inet Gl-mt2500 Firmware 4.4.6
Gl-inet Gl-mt6000 Firmware 4.3.7
Gl-inet Gl-mt6000 Firmware 4.4.6
Gl-inet Gl-mt1300 Firmware 4.3.7
Gl-inet Gl-mt1300 Firmware 4.4.6
Gl-inet Gl-mt300n-v2 Firmware 4.3.7
Gl-inet Gl-mt300n-v2 Firmware 4.4.6
Gl-inet Gl-ar750s Firmware 4.3.7
Gl-inet Gl-ar750s Firmware 4.4.6
Gl-inet Gl-ar750 Firmware 4.3.7
Gl-inet Gl-ar750 Firmware 4.4.6
Gl-inet Gl-ar300m Firmware 4.3.7
Gl-inet Gl-ar300m Firmware 4.4.6
Gl-inet Gl-b1300 Firmware 4.3.7
Gl-inet Gl-b1300 Firmware 4.4.6
1 Metasploit module
4.3
CVSSv3
CVE-2023-6223
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible f...
Thimpress Learnpress
8.8
CVSSv3
CVE-2024-21669
Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifyin...
Hyperledger Aries Cloud Agent
Hyperledger Aries Cloud Agent 0.11.0
7.5
CVSSv3
CVE-2024-21664
jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. The vulnerability ...
Lestrrat-go Jwx
7.5
CVSSv3
CVE-2023-51701
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by passing an header `ContentType: application/json ; charset=utf-8`. This can lead to bypass...
Fastify Reply-from
5.4
CVSSv3
CVE-2023-52265
IDURAR (aka idurar-erp-crm) up to and including 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data.
Idurar Project Idurar
8.8
CVSSv3
CVE-2023-50858
Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan.This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a up to...
Billminozzi Anti Hacker
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »