Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
json vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-50772
Jenkins Dingding JSON Pusher Plugin 2.0 and previous versions stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
Jenkins Dingding Json Pusher
NA
CVE-2023-50773
Jenkins Dingding JSON Pusher Plugin 2.0 and previous versions does not mask access tokens displayed on the job configuration form, increasing the potential for malicious users to observe and capture them.
Jenkins Dingding Json Pusher
NA
CVE-2023-49080
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can includ...
Jupyter Jupyter Server
NA
CVE-2023-48176
An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote malicious user to gain escalated privileges via crafted jwt (JSON web token).
Mizhexiaoxiao Websiteguide 0.2
NA
CVE-2023-48223
fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match a...
Nearform Fast-jwt
NA
CVE-2023-48238
joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens (JWT) which are a compact URL-safe means of representing claims to be transferred between two parties. Affected versions of the json-web-token library are vulnerable to a JWT algorithm conf...
Joaquimserafim Json Web Token
NA
CVE-2020-11447
An issue exists on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device.
Bell Home Hub 3000 Firmware Sg48222070
NA
CVE-2023-46672
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/r...
Elastic Logstash
Elastic Logstash 7.12.1
NA
CVE-2023-47114
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject users to request access to their personal...
Ethyca Fides
NA
CVE-2023-46253
Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated malicious user to gain remote code execution (RCE). Squidex allows users with the ...
Squidex.io Squidex 7.8.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »