Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
json vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2020-17483
An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about ...
Uffizio Gps Tracker
NA
CVE-2023-49820
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS.This issue affects Structured Content (JSON-LD) #wpsc: from n/a up to and includ...
Wpsc-plugin Structured Content
NA
CVE-2023-50246
jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.
Jqlang Jq 1.7
NA
CVE-2023-50268
jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue.
Jqlang Jq 1.7
NA
CVE-2023-50772
Jenkins Dingding JSON Pusher Plugin 2.0 and previous versions stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
Jenkins Dingding Json Pusher
NA
CVE-2023-50773
Jenkins Dingding JSON Pusher Plugin 2.0 and previous versions does not mask access tokens displayed on the job configuration form, increasing the potential for malicious users to observe and capture them.
Jenkins Dingding Json Pusher
NA
CVE-2023-49080
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can includ...
Jupyter Jupyter Server
NA
CVE-2023-48176
An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote malicious user to gain escalated privileges via crafted jwt (JSON web token).
Mizhexiaoxiao Websiteguide 0.2
NA
CVE-2023-48223
fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match a...
Nearform Fast-jwt
NA
CVE-2023-48238
joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens (JWT) which are a compact URL-safe means of representing claims to be transferred between two parties. Affected versions of the json-web-token library are vulnerable to a JWT algorithm conf...
Joaquimserafim Json Web Token
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »