| CVE-2024-5060 | LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor <= 1.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | kapasias | LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor | Medium | 6.4 | 2024-05-24 06:42:17 | Deep Dive |
| CVE-2024-24786 | Infinite loop in JSON unmarshaling in google.golang.org/protobuf | google.golang.org/protobuf | google.golang.org/protobuf/encoding/protojson | - | - | 2024-03-05 22:22:35 | Deep Dive |
| CVE-2024-1861 | Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.52 - Missing Authorization to Authenticated (Subscriber+) Table Truncation | sminozzi | Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan | Medium | 4.3 | 2024-02-28 09:33:35 | Deep Dive |
| CVE-2024-1860 | Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.51 - Missing Authorization to Unauthenticated IP Address Whitelist | sminozzi | Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan | Medium | 6.5 | 2024-02-28 09:33:34 | Deep Dive |
| CVE-2023-5123 | Improper Path Sanitization in JSON Datasource Plugin | Grafana | grafana-json-datasource | High | 8.0 | 2024-02-14 15:06:11 | Deep Dive |
| CVE-2024-24839 | WordPress Structured Content Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS) | Gordon Böhme, Antonio Leutsch | Structured Content (JSON-LD) #wpsc | Medium | 6.5 | 2024-02-05 06:31:24 | Deep Dive |
| CVE-2023-50858 | WordPress Anti Hacker Plugin <= 4.34 is vulnerable to Cross Site Request Forgery (CSRF) | Bill Minozzi | Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan | Medium | 5.4 | 2023-12-28 10:31:44 | Deep Dive |
| CVE-2023-6268 | JSON Content Importer < 1.5.4 - Reflected XSS | Unknown | JSON Content Importer | - | - | 2023-12-26 18:33:05 | Deep Dive |
| CVE-2023-49819 | WordPress Structured Content Plugin <= 1.5.3 is vulnerable to PHP Object Injection | Gordon Böhme, Antonio Leutsch | Structured Content (JSON-LD) #wpsc | High | 7.5 | 2023-12-18 23:35:58 | Deep Dive |
| CVE-2023-49820 | WordPress Structured Content Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS) | Gordon Böhme, Antonio Leutsch | Structured Content (JSON-LD) #wpsc | Medium | 6.5 | 2023-12-14 15:53:37 | Deep Dive |
| CVE-2023-50772 | Jenkins Dingding JSON Pusher Plugin 安全漏洞 | Jenkins Project | Jenkins Dingding JSON Pusher Plugin | - | - | 2023-12-13 17:30:19 | Deep Dive |
| CVE-2023-50773 | Jenkins Dingding JSON Pusher Plugin 安全漏洞 | Jenkins Project | Jenkins Dingding JSON Pusher Plugin | - | - | 2023-12-13 17:30:19 | Deep Dive |
| CVE-2023-48238 | JWT Algorithm Confusion in json-web-token library | joaquimserafim | json-web-token | High | 7.5 | 2023-11-17 21:35:00 | Deep Dive |
| CVE-2023-5072 | DoS Vulnerability in JSON-Java | https://github.com/stleary/JSON-java | - | High | 7.5 | 2023-10-12 16:13:28 | Deep Dive |
| CVE-2023-3040 | Out of Bounds Access Leading to Undefined Behavior | Cloudflare | lua-resty-json | Low | 3.7 | 2023-06-14 11:54:51 | Deep Dive |
| CVE-2022-47937 | Multiple parsing problems in the Apache Sling Commons JSON module | Apache Software Foundation | org.apache.sling.commons.json | 超危 | - | 2023-05-15 09:20:23 | Deep Dive |
| CVE-2023-25485 | WordPress JSON Content Importer Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS) | Bernhard Kux | JSON Content Importer | Medium | 5.9 | 2023-04-25 18:33:48 | Deep Dive |
| CVE-2023-1370 | Stack exhaustion in json-smart leads to denial of service when parsing malformed JSON | json-smart | json-smart | High | 7.5 | 2023-03-13 09:04:36 | Deep Dive |
| CVE-2021-4329 | json-logic-js logic.js command injection | - | json-logic-js | Medium | 5.5 | 2023-03-05 19:00:06 | Deep Dive |
| CVE-2022-4666 | Markup <= 4.8.1 - Contributor+ Stored XSS via Shortcode | Unknown | Markup (JSON-LD) structured in schema.org | 中危 | - | 2023-02-21 08:51:01 | Deep Dive |