139 Total Results
Displaying 1-10 of 139
Attacker Value
Unknown

CVE-2025-27788

Disclosure Date: March 12, 2025 (last updated March 13, 2025)
JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are available.
Attacker Value
Unknown

CVE-2025-27607

Disclosure Date: March 07, 2025 (last updated March 08, 2025)
Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party. If the package was claimed, it would allow them RCE on any Python JSON Logger user who installed the development dependencies on Python 3.13 (e.g. pip install python-json-logger[dev]). This issue has been resolved with 3.3.0.
Attacker Value
Unknown

CVE-2025-23736

Disclosure Date: March 03, 2025 (last updated March 04, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Form To JSON allows Reflected XSS. This issue affects Form To JSON: from n/a through 1.0.
Attacker Value
Unknown

CVE-2024-13258

Disclosure Date: January 09, 2025 (last updated February 27, 2025)
Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing. This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13.
Attacker Value
Unknown

CVE-2023-27531

Disclosure Date: January 09, 2025 (last updated February 27, 2025)
There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code.
Attacker Value
Unknown

CVE-2024-38984

Disclosure Date: July 30, 2024 (last updated February 26, 2025)
Prototype Pollution in lukebond json-override 0.2.0 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via the __proto__ property.
Attacker Value
Unknown

CVE-2024-38723

Disclosure Date: July 22, 2024 (last updated February 26, 2025)
Server-Side Request Forgery (SSRF) vulnerability in Bernhard Kux JSON Content Importer. This issue affects JSON Content Importer: from n/a through 1.5.6.
Attacker Value
Unknown

CVE-2024-6624

Disclosure Date: July 11, 2024 (last updated July 13, 2024)
The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin requires the JSON API plugin to also be installed.
Attacker Value
Unknown

CVE-2024-39684

Disclosure Date: July 09, 2024 (last updated February 26, 2025)
Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.
Attacker Value
Unknown

CVE-2024-38517

Disclosure Date: July 09, 2024 (last updated February 26, 2025)
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.