Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
json project vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-38337
rswag prior to 2.10.1 allows remote malicious users to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project.
Rswag Project Rswag
9.8
CVSSv3
CVE-2023-25560
DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an...
Datahub Project Datahub
6.5
CVSSv3
CVE-2022-3880
The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin prior to 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate ar...
Antihacker Project Antihacker
6.1
CVSSv3
CVE-2017-16881
b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService...
Symphony Project Symphony 2.2.0
9.8
CVSSv3
CVE-2013-7285
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote malicious user to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.
Xstream Project Xstream
Xstream Project Xstream 1.4.10
1 EDB exploit
4 Github repositories
3.3
CVSSv3
CVE-2021-41106
JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms (HS256, HS384, and HS512) combined with `Lcobucci\JWT\Signer\Key\LocalFileReference` as key are having their tokens issued/validated usin...
Jwt Project Jwt
9.8
CVSSv3
CVE-2022-35411
rpc.py up to and including 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processe...
Rpc.py Project Rpc.py
1 Github repository
9.8
CVSSv3
CVE-2018-14399
libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote malicious users to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI.
Phpcms Project Phpcms 9.6.0
7.5
CVSSv3
CVE-2022-21803
This affects the package nconf prior to 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set() function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By pro...
Nconf Project Nconf
7.1
CVSSv3
CVE-2018-20579
Contiki-NG prior to 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character.
Contiki-ng Project Contiki-ng 4.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »