25 matches found
CVE-2026-25878

creationtimestamp | type | source
---|---|---
2026-02-10 08:10:05+00:00 | seen | https://gist.github.com/alon710/647bef82efc8bc03f3b4034f54af7e26...

CVE-2026-25878 FroshAdminer Adminer UI is accessible without admin session
FroshAdminer is the Adminer plugin for Shopware Platform. Prior to 2.2.1, the Adminer route /admin/adminer was accessible without Shopware admin authentication. The route was configured with authrequired=false and performed no session validation, exposing the Adminer UI to unauthenticated users...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to prototype pollution due to the protobufjs package (CVE-2022-25878)
Summary: Protobufjs is used by DataStage on Cloud Pak for Data as part of data serialization. Vulnerability Details: CVEID: CVE-2022-25878. DESCRIPTION: The package protobufjs before 6.11.3 is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of the...
CVE-2021-25878
AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross-Site Scripting vulnerabilities via the videoName parameter, which allow a remote attacker to steal administrators' session cookies or perform actions as an administrator...
Linux Distros Unpatched Vulnerability : CVE-2022-25878
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The package protobufjs before 6.11.3 is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of the Object.prototype. This...
CVE-2025-25878

creationtimestamp | type | source
---|---|---
2025-02-21 18:18:50+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/4938
2025-02-21 19:46:35+00:00 | seen | https://t.me/cvedetector/18665...

CVE-2025-25878
The CVE-2025-25878 entry concerns ITSourcecode Simple ChatBox (up to version 1.0). The vulnerability is tied to the /del.php file, where SQL injection may allow an attacker to obtain sensitive data. The publicly documented impact is limited to data disclosure with a CVSSv3.1 base score of 3.8 (LO...
CVE-2025-25878
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /del.php. The attack can use SQL injection to obtain sensitive data...
protobufjs Prototype Pollution vulnerability
protobuf.js aka protobufjs 6.10.0 until 6.11.4 and 7.0.0 until 7.2.4 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and...
Design/Logic Flaw
"protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...
CVE-2023-25878

creationtimestamp | type | source
---|---|---
2023-03-28 00:37:59+00:00 | seen | https://t.me/cibsecurity/60826...

CVE-2023-25878
Adobe Substance 3D Stager versions 2.0.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in tha...
CVE-2023-25878
CVE-2023-25878 affects Adobe Substance 3D Stager, specifically versions 2.0.0 and earlier. The issue is an out-of-bounds read in the OBJ file parsing that can disclose memory contents, with the attacker able to bypass ASLR. Exploitation requires user interaction (victim opens a malicious file). D...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to arbitrary code execution due to CVE-2022-25878
Summary: Node.js module protobufjs is used internally by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported...
CVE-2022-25878

creationtimestamp | type | source
---|---|---
2022-05-28 00:15:22+00:00 | seen | https://t.me/cibsecurity/43506
2023-07-05 18:21:53+00:00 | seen | https://t.me/cibsecurity/65973...

@0cfg/rpc-common (>=0.0.1 <=0.1.3), @0cfg/rpc-node (>=0.0.1 <=0.1.3) +311 more potentially affected by CVE-2022-25878 via protobufjs (>=6.11.1 <=6.11.2)
protobufjs NPM version =6.11.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.11, =0.0.2, =0.1.0, =4.0.0, =1.0.0, =0.4.21, =1.0.3, =0.1.0, =0.1.0, =0.4.115, =0.5.167 - @atomist/npm-release-skill =0.1.1-110 and more Source cves: CVE-2022-25878 Source advisory: OSV:GHSA-G954-5HWP-PP24...
CVE-2022-25878 Prototype Pollution
The package protobufjs before 6.11.3 is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption...
CVE-2022-25878
CVE-2022-25878 affects protobufjs with Prototype Pollution (Object.prototype) via untrusted input to util.setProperty, ReflectionObject.setParsedOption, or .proto parsing. Connected docs show a related entry (CVE-2023-36665) describing protobufjs 6.10.0–7.x before 7.2.5 as vulnerable to prototype...
@0cfg/rpc-common (>=0.0.1 <=0.1.3), @0cfg/rpc-node (>=0.0.1 <=0.1.3) +311 more potentially affected by CVE-2022-25878 via protobufjs (>=6.11.1 <=6.11.2)
protobufjs NPM version =6.11.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.11, =0.0.2, =0.1.0, =4.0.0, =1.0.0, =0.4.21, =1.0.3, =0.1.0, =0.1.0, =0.4.115, =0.5.167 - @atomist/npm-release-skill =0.1.1-110 and more Source cves: CVE-2022-25878 Source advisory: SNYK:JS-PROTOBUFJS-2441248...
CVE-2021-25878

creationtimestamp | type | source
---|---|---
2021-11-01 15:21:27+00:00 | seen | https://t.me/cibsecurity/31547...