Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
json vulnerabilities and exploits
(subscribe to this query)
694
VMScore
CVE-2016-4074
The jv_dump_term function in jq 1.5 allows remote malicious users to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.
Jq Project Jq
383
VMScore
CVE-2013-0256
darkfish.js in RDoc 2.3.0 up to and including 3.12 and 4.x prior to 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted URL.
Ruby-lang Rdoc
Ruby-lang Rdoc 4.0.0
Ruby-lang Ruby 1.9
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.0
Ruby-lang Ruby 2.0.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
790
VMScore
CVE-2022-20707
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an malicious user to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch ...
Cisco Rv340 Firmware
Cisco Rv340w Firmware
Cisco Rv345 Firmware
Cisco Rv345p Firmware
1 Metasploit module
383
VMScore
CVE-2013-4154
The qemuAgentCommand function in libvirt prior to 1.1.1, when a guest agent is not configured, allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by the "...
Redhat Libvirt 1.0.5
Redhat Libvirt 1.0.4
Redhat Libvirt 1.0.1
Redhat Libvirt
Redhat Libvirt 1.0.6
Redhat Libvirt 1.0.2
Redhat Libvirt 1.0.3
Redhat Libvirt 1.0.0
445
VMScore
CVE-2013-4153
Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 up to and including 1.1.0 allows remote malicious users to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest&...
Redhat Libvirt 1.0.6
Redhat Libvirt 1.1.0
358
VMScore
CVE-2019-1002100
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application...
Kubernetes Kubernetes
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 3.10
5 Github repositories
873
VMScore
CVE-2013-0156
active_support/core_ext/hash/conversions.rb in Ruby on Rails prior to 2.3.15, 3.0.x prior to 3.0.19, 3.1.x prior to 3.1.10, and 3.2.x prior to 3.2.11 does not properly restrict casts of string values, which allows remote malicious users to conduct object-injection attacks and exe...
Rubyonrails Ruby On Rails
Rubyonrails Rails
Debian Debian Linux 7.0
Debian Debian Linux 6.0
2 EDB exploits
2 Metasploit modules
2 Nmap scripts
11 Github repositories
3 Articles
516
VMScore
CVE-2021-32677
FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forge...
Tiangolo Fastapi
Fedoraproject Fedora 34
1 Github repository
NA
CVE-2024-28176
jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryptio...
NA
CVE-2023-22460
go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes to...
Protocol Go-ipld-prime
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »