Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
json project vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2020-15239
In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a `.data` suffix and which are accompanied by a JSON file with the `.meta` suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to c...
Xmpp-http-upload Project Xmpp-http-upload
6.8
CVSSv2
CVE-2020-24807
The socket.io-file package up to and including 2.0.31 for Node.js relies on client-side validation of file types, which allows remote malicious users to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects pr...
Socket.io-file Project Socket.io-file
5
CVSSv2
CVE-2020-8237
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.
Json-bigint Project Json-bigint
7.5
CVSSv2
CVE-2020-17479
jpv (aka Json Pattern Validator) prior to 2.2.2 does not properly validate input, as demonstrated by a corrupted array.
Json Pattern Validator Project Json Pattern Validator
5
CVSSv2
CVE-2020-13700
An issue exists in the acf-to-rest-api plugin up to and including 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as...
Acf To Rest Api Project Acf To Rest Api
4.3
CVSSv2
CVE-2020-10187
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an malicious user to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to reque...
Doorkeeper Project Doorkeeper
6.8
CVSSv2
CVE-2020-7965
flaskparser.py in Webargs 5.x up to and including 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows f...
Webargs Project Webargs
6.5
CVSSv2
CVE-2019-3683
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access...
Suse Openstack Cloud 8.0
Suse Keystone-json-assignment
Hp Helion Openstack 8.0
4
CVSSv2
CVE-2019-15009
The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote malicious users to remove another user's favourite setting for a project via an improper authorization vulnerability.
Atlassian Crucible
Atlassian Fisheye
5
CVSSv2
CVE-2019-19507
In jpv (aka Json Pattern Validator) prior to 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. This affects validate(). Hence, a c...
Json Pattern Validator Project Json Pattern Validator
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »