Lucene search
K

21 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/13 2:44 p.m.7 views

CVE-2026-44294

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...

5.3CVSS5.8AI score0.00431EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/13 2:44 p.m.25 views

CVE-2026-44294

CVE-2026-44294 affects protobufjs. Prior to versions 7.5.6 and 8.0.2, generated JavaScript property accessors from schema-controlled field and oneof names did not escape certain control characters in field names, which could cause generated encode, decode, verify, or conversion functions to fail ...

5.3CVSS5.8AI score0.00431EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 2:42 p.m.9 views

CVE-2026-44292 protobufjs: Prototype injection in generated message constructors

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an...

5.3CVSS5.8AI score0.00264EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 2:42 p.m.30 views

CVE-2026-44292

The CVE-2026-44292 issue affects protobufjs where generated message constructors copied enumerable properties from a provided object without filtering the proto key. This can let attackers pass an attacker-controlled plain object to a message constructor, causing per-instance prototype injection ...

5.3CVSS5.8AI score0.00264EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/13 2:42 p.m.27 views

CVE-2026-44291

CVE-2026-44291 affects protobufjs: prior to versions 7.5.6 and 8.0.2, internal type lookup tables used by generated encode/decode functions could be polluted via Object.prototype, allowing attacker-controlled inherited properties to influence protobuf type information and potentially emit attacke...

8.1CVSS5.8AI score0.00499EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:41 p.m.8 views

CVE-2026-44290

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...

7.5CVSS5.8AI score0.00374EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/13 2:39 p.m.76 views

CVE-2026-44289 protobufjs: Denial of service through unbounded protobuf recursion

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf...

7.5CVSS0.0058EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 2:37 p.m.24 views

CVE-2026-44288

CVE-2026-44288 affects protobufjs: prior to versions 7.5.6 and 8.0.2, its minimal UTF-8 decoder accepted overlong UTF-8 byte sequences and decoded them to canonical characters instead of replacing them. If an attacker supplies protobuf binary data decoded through that path, downstream checks that...

5.3CVSS5.8AI score0.00301EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

protobuf.js 安全漏洞

protobuf.js is a pure JavaScript implementation of the protobuf.js project, open source. It provides a protocol buffer implementation that supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions prior to 7.5.6 a...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/12 3:6 p.m.10 views

Improper Check for Unusual or Exceptional Conditions

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions when handling field names containing control characters in schemas or JSON descriptors. An attacker can cause runtime erro...

6.9CVSS6AI score0.00431EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 3:0 p.m.8 views

Improper Handling of Unicode Encoding

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the decoding of overlong UTF-8 strings. An attacker can bypass application-level byte filtering or validation by sending malicious...

6.9CVSS5.9AI score0.00301EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.12 views

Jupyter Notebook Python Library 7.0.0 < 7.5.6 (CVE-2026-42557)

Jupyter Notebook is an extensible environment for interactive and reproducible computing. The version of Jupyter Notebook installed on the remote host is 7.0.0 prior to 7.5.6. It is, therefore, affected by a vulnerability: - JupyterLab's command linker attributes in HTML enable one-click command...

9.6CVSS6AI score0.00386EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/06 8:16 p.m.9 views

CVE-2026-40171

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

8.4CVSS6AI score0.00476EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.14 views

Jupyter多款产品 跨站脚本漏洞

Jupyter Notebook is an open-source web application developed by Project Jupyter, designed for creating and sharing code along with explanatory text documents. JupyterLab is another open-source project developed by JupyterLab, offering an extensible environment for interactive and reproducible...

8.4CVSS5.8AI score0.00476EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/30 5:25 p.m.3 views

Open Redirect

Overview @jupyter-notebook/help-extension is a Jupyter Notebook - Help Extension Affected versions of this package are vulnerable to Open Redirect in the CommandLinker class. An attacker can steal authentication tokens and gain unauthorized access to user accounts by convincing a user to open a...

8.8CVSS6AI score0.00476EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/30 5:25 p.m.9 views

Open Redirect

Overview notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. Affected versions of this package are vulnerable to Open Redirect in the CommandLinker class. An attacker can steal authentication tokens a...

8.8CVSS6AI score0.00476EPSS
Exploits0References3
CVE
CVE
added 2024/05/27 7:1 a.m.75 views

CVE-2024-26289

The CVE-2024-26289 issue is a Deserialization of Untrusted Data vulnerability in PMB Services PMB that enables Remote Code Inclusion. Concrete details from connected documents: affected PMB versions are 7.3.1–7.3.18, 7.4.1–7.4.9, and 7.5.1–7.5.6-2. Root cause is deserialization of untrusted data....

9.8CVSS9.8AI score0.00609EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/27 12:0 a.m.6 views

PT-2024-5291 · Pmb · Pmb

Name of the Vulnerable Software and Affected Versions: PMB versions 7.3.1 through 7.3.18 PMB versions 7.4.1 through 7.4.9 PMB versions 7.5.1 through 7.5.6-2 Description: The issue is related to the deserialization of untrusted data, which can lead to remote code inclusion. This allows a remote...

10CVSS8.4AI score0.00609EPSS
Exploits0References6
Cvelist
Cvelist
added 2012/09/23 5:0 p.m.27 views

CVE-2012-5104

Cross-site scripting XSS vulnerability in forums/ubbthreads.php in UBB.threads 7.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the Loginname parameter...

5.7AI score0.01995EPSS
Exploits1References6
exploitpack
exploitpack
added 2012/01/04 12:0 a.m.17 views

UBBCentral UBB.Threads 7.5.6 - Username Cross-Site Scripting

UBBCentral UBB.Threads 7.5.6 - Username Cross-Site Scripting source: https://www.securityfocus.com/bid/51275/info UBB.threads is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script...

6.8AI score
Exploits0
Rows per page
Query Builder