21 matches found
CVE-2026-44294
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...
CVE-2026-44294
CVE-2026-44294 affects protobufjs. Prior to versions 7.5.6 and 8.0.2, generated JavaScript property accessors from schema-controlled field and oneof names did not escape certain control characters in field names, which could cause generated encode, decode, verify, or conversion functions to fail ...
CVE-2026-44292 protobufjs: Prototype injection in generated message constructors
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an...
CVE-2026-44292
The CVE-2026-44292 issue affects protobufjs where generated message constructors copied enumerable properties from a provided object without filtering the proto key. This can let attackers pass an attacker-controlled plain object to a message constructor, causing per-instance prototype injection ...
CVE-2026-44291
CVE-2026-44291 affects protobufjs: prior to versions 7.5.6 and 8.0.2, internal type lookup tables used by generated encode/decode functions could be polluted via Object.prototype, allowing attacker-controlled inherited properties to influence protobuf type information and potentially emit attacke...
CVE-2026-44290
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...
CVE-2026-44289 protobufjs: Denial of service through unbounded protobuf recursion
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf...
CVE-2026-44288
CVE-2026-44288 affects protobufjs: prior to versions 7.5.6 and 8.0.2, its minimal UTF-8 decoder accepted overlong UTF-8 byte sequences and decoded them to canonical characters instead of replacing them. If an attacker supplies protobuf binary data decoded through that path, downstream checks that...
protobuf.js 安全漏洞
protobuf.js is a pure JavaScript implementation of the protobuf.js project, open source. It provides a protocol buffer implementation that supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions prior to 7.5.6 a...
Improper Check for Unusual or Exceptional Conditions
Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions when handling field names containing control characters in schemas or JSON descriptors. An attacker can cause runtime erro...
Improper Handling of Unicode Encoding
Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the decoding of overlong UTF-8 strings. An attacker can bypass application-level byte filtering or validation by sending malicious...
Jupyter Notebook Python Library 7.0.0 < 7.5.6 (CVE-2026-42557)
Jupyter Notebook is an extensible environment for interactive and reproducible computing. The version of Jupyter Notebook installed on the remote host is 7.0.0 prior to 7.5.6. It is, therefore, affected by a vulnerability: - JupyterLab's command linker attributes in HTML enable one-click command...
CVE-2026-40171
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...
Jupyter多款产品 跨站脚本漏洞
Jupyter Notebook is an open-source web application developed by Project Jupyter, designed for creating and sharing code along with explanatory text documents. JupyterLab is another open-source project developed by JupyterLab, offering an extensible environment for interactive and reproducible...
Open Redirect
Overview @jupyter-notebook/help-extension is a Jupyter Notebook - Help Extension Affected versions of this package are vulnerable to Open Redirect in the CommandLinker class. An attacker can steal authentication tokens and gain unauthorized access to user accounts by convincing a user to open a...
Open Redirect
Overview notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. Affected versions of this package are vulnerable to Open Redirect in the CommandLinker class. An attacker can steal authentication tokens a...
CVE-2024-26289
The CVE-2024-26289 issue is a Deserialization of Untrusted Data vulnerability in PMB Services PMB that enables Remote Code Inclusion. Concrete details from connected documents: affected PMB versions are 7.3.1–7.3.18, 7.4.1–7.4.9, and 7.5.1–7.5.6-2. Root cause is deserialization of untrusted data....
PT-2024-5291 · Pmb · Pmb
Name of the Vulnerable Software and Affected Versions: PMB versions 7.3.1 through 7.3.18 PMB versions 7.4.1 through 7.4.9 PMB versions 7.5.1 through 7.5.6-2 Description: The issue is related to the deserialization of untrusted data, which can lead to remote code inclusion. This allows a remote...
CVE-2012-5104
Cross-site scripting XSS vulnerability in forums/ubbthreads.php in UBB.threads 7.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the Loginname parameter...
UBBCentral UBB.Threads 7.5.6 - Username Cross-Site Scripting
UBBCentral UBB.Threads 7.5.6 - Username Cross-Site Scripting source: https://www.securityfocus.com/bid/51275/info UBB.threads is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script...