| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34481 | Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout | Apache Software Foundation | Apache Log4j JSON Template Layout | 中危 | - | 2026-04-10 15:43:00 | Deep Dive |
| CVE-2026-33210 | Ruby JSON has a format string injection vulnerability | ruby | json | 中危 | - | 2026-03-20 22:57:09 | Deep Dive |
| CVE-2026-27206 | Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize() | zumba | json-serializer | High | 8.1 | 2026-02-21 07:01:01 | Deep Dive |
| CVE-2025-10926 | JSON Field - Critical - Cross Site Scripting - SA-CONTRIB-2025-106 | Drupal | JSON Field | - | - | 2025-10-29 23:12:57 | Deep Dive |
| CVE-2025-9552 | Synchronize composer.json With Contrib Modules - Critical - Unsupported - SA-CONTRIB-2025-102 | Drupal | Synchronize composer.json With Contrib Modules | - | - | 2025-10-10 22:25:22 | Deep Dive |
| CVE-2025-40930 | JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact | PJUHASZ | JSON::SIMD | - | - | 2025-09-08 15:09:01 | Deep Dive |
| CVE-2025-40929 | Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact | RURBAN | Cpanel::JSON::XS | - | - | 2025-09-08 15:08:52 | Deep Dive |
| CVE-2025-40928 | JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact | MLEHMANN | JSON::XS | - | - | 2025-09-08 15:08:22 | Deep Dive |
| CVE-2025-3414 | Structured Content < 1.7.0 - Contributor Stored XSS | Unknown | Structured Content (JSON-LD) #wpsc | - | - | 2025-08-14 06:00:02 | Deep Dive |
| CVE-2024-58264 | serde-json-wasm crate 安全漏洞 | CosmWasm | serde-json-wasm | Low | 3.2 | 2025-07-27 00:00:00 | Deep Dive |
| CVE-2025-4608 | Structured Content <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode | gorbo | Structured Content (JSON-LD) #wpsc | Medium | 6.4 | 2025-07-24 09:22:21 | Deep Dive |
| CVE-2025-31908 | WordPress JSON Structuring Markup plugin <= 0.1 - CSRF to Stored XSS vulnerability | Sami Ahmed Siddiqui | JSON Structuring Markup | High | 7.1 | 2025-04-01 14:52:25 | Deep Dive |
| CVE-2025-27788 | Ruby JSON Parser has Out-of-bounds Read | ruby | json | High | 7.5 | 2025-03-12 13:51:53 | Deep Dive |
| CVE-2025-27607 | Python JSON Logger has a Potential RCE via missing `msgspec-python313-pre` dependency | nhairs | python-json-logger | High | 8.8 | 2025-03-07 16:18:14 | Deep Dive |
| CVE-2025-0512 | Structured Content (JSON-LD) #wpsc <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode | gorbo | Structured Content (JSON-LD) #wpsc | Medium | 6.4 | 2025-03-04 08:23:41 | Deep Dive |
| CVE-2025-23736 | WordPress Form To JSON plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | webgdawg | Form To JSON | High | 7.1 | 2025-03-03 13:30:17 | Deep Dive |
| CVE-2024-13258 | Drupal REST & JSON API Authentication - Moderately critical - Access bypass - SA-CONTRIB-2024-022 | Drupal | Drupal REST & JSON API Authentication | 中危 | - | 2025-01-09 19:05:30 | Deep Dive |
| CVE-2023-27531 | Kredis 安全漏洞 | Rails | Kredis JSON | 中危 | - | 2025-01-09 00:33:48 | Deep Dive |
| CVE-2024-38723 | WordPress Get Use APIs – JSON Content Importer plugin <= 1.5.6 - Server Side Request Forgery (SSRF) vulnerability | Bernhard Kux | JSON Content Importer | Medium | 6.4 | 2024-07-22 10:24:18 | Deep Dive |
| CVE-2024-6624 | JSON API User <= 3.9.3 - Unauthenticated Privilege Escalation | parorrey | JSON API User | Critical | 9.8 | 2024-07-11 06:43:13 | Deep Dive |