Vulmon
json vulnerabilities and exploits
NA
CVE-2024-31462
stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input i...
NA
CVE-2024-3283
A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multi_us...
NA
CVE-2024-22423
yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion o...
1 Github repository
NA
CVE-2099-9999
spec-version v0.4.0 app-sploit: An example app follows sploit-spec Just an example, do not import code under example folder Usage ❯ ./appsploit_linux_amd64 NAME: appsploit - An example sploit tool follows sploit-spec USAGE: appsploit [global op...
1 Github repository
NA
CVE-2024-26577
VSeeFace up to and including 1.13.38.c2 allows malicious users to cause a denial of service (application hang) via a spoofed UDP packet containing at least 10 digits in JSON data.
NA
CVE-2023-48296
OroPlatform is a PHP Business Application Platform (BAP). Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4.
NA
CVE-2020-36827
The XAO::Web module prior to 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in Web::Action.
NA
CVE-2024-27921
Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling malicious users to replace or create files with extensions like .json, .zip, .css, .gif, etc. This crit...
NA
CVE-2024-29032
Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using `qiskit_ibm_runtime.RuntimeDecoder` can lead t...
NA
CVE-2021-47157
The Kossy module prior to 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling.