Known Vulnerabilities for Json-path by Symfony
Listed below are 10 of the newest known vulnerabilities associated with "Json-path" by "Symfony".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-61505 json | Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter, permitting a remote unauthenticated a... | Not Provided | 2026-07-13 | 2026-07-14 |
| CVE-2026-60114 json | Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a path traversal vulnerability that allows attackers wi... | Not Provided | 2026-07-14 | 2026-07-14 |
| CVE-2026-59854 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, POST /api/file/globalCopyFiles accepts attacke... | Not Provided | 2026-07-09 | 2026-07-10 |
| CVE-2026-59832 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/*filepath route handler serveSni... | Not Provided | 2026-07-09 | 2026-07-10 |
| CVE-2026-58170 json | Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker pro... | Not Provided | 2026-06-30 | 2026-07-14 |
| CVE-2026-56352 json | n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which... | Not Provided | 2026-07-15 | 2026-07-15 |
| CVE-2026-56345 json | AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint... | Not Provided | 2026-06-20 | 2026-06-23 |
| CVE-2026-54592 json | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doc#each_... | Not Provided | 2026-07-01 | 2026-07-01 |
| CVE-2026-54518 json | jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21... | Not Provided | 2026-06-23 | 2026-06-24 |
| CVE-2026-54517 json | jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21... | Not Provided | 2026-06-23 | 2026-06-24 |