216 matches found

Patchstack
added 2026/05/19 4:21 p.m., 6 views

NPM: protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion

NPM: protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion vulnerability discovered by ? in WordPress Npm protobufjs versions <= 7.5.7...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits 0 | References 3 | Affected software 1
Cvelist
added 2026/05/13 2:46 p.m., 23 views

CVE-2026-45740 protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions...

CVSS 5.3 | EPSS 0.00058
Exploits 0 | References 1
Positive Technologies
added 2026/05/13 12:00 a.m., 7 views

PT-2026-40697

Name of the Vulnerable Software and Affected Versions: protobufjs versions prior to 7.5.8; protobufjs versions prior to 8.2.0. Description: protobufjs compiles protobuf definitions into JavaScript functions. The software can recurse without a depth limit when expanding nested JSON descriptors through...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits 0 | References 4
CNNVD
added 2026/05/13 12:00 a.m., 5 views

protobuf.js security vulnerability

protobuf.js is an open-source implementation of the Protocol Buffer library, written entirely in JavaScript. It supports protocols for Node.js and browsers using TypeScript. It's easy to use, extremely fast, and can be used out of the box with .proto files. Versions prior to 7.5.8 and 8.2.0 of...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits 0 | References 1
Snyk
added 2026/05/12 3:00 p.m., 4 views

Improper Handling of Unicode Encoding

Overview: protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the decoding of overlong UTF-8 strings. An attacker can bypass application-level byte filtering or validation by sending malicious...

CVSS 6.9 | AI score 5.9 | EPSS 0.00013
Exploits 0 | References 2
CNNVD
added 2026/05/10 12:00 a.m., 6 views

Sentry code injection vulnerability

Sentry is an open-source error tracking and performance monitoring platform for developers. Sentry version 8.2.0 contains a code injection vulnerability. This vulnerability stems from a remote code execution flaw, allowing authenticated superusers to execute arbitrary commands by injecting...

CVSS 8.8 | AI score 6.7 | EPSS 0.00416
Exploits 1 | References 1
Github Security Blog
added 2026/04/14 8:01 p.m., 3 views

@adonisjs/http-server has an Open Redirect vulnerability

Impact: The response.redirect.back method in @adonisjs/http-server is vulnerable to open redirects. The method reads the Referer header from the incoming HTTP request and redirects to that URL without validating the host. An attacker who can influence the Referer header, for example by linking a...

CVSS 6.1 | AI score 5.7 | EPSS 0.00011
Exploits 0 | References 6 | Affected software 2
CNVD
added 2026/04/10 12:00 a.m., 4 views

IBM Storage Protect Server SQL Injection Vulnerability

IBM Storage Protect Server is an enterprise-class data backup and recovery management system from International Business Machines (IBM). A SQL injection vulnerability exists in IBM Storage Protect Server version 8.2.0. The vulnerability stems from the application's lack of validation of externally...

CVSS 8.8 | AI score 5.8 | EPSS 0.00123
Exploits 0
EUVD
added 2026/04/08 3:31 p.m., 2 views

EUVD-2026-20472

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...

CVSS 5.3 | AI score 5.9 | EPSS 0.00032
Exploits 0 | References 3
IBM Security Bulletins
added 2026/03/27 12:57 a.m., 5 views

Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the logback-core library that could allow denial-of-service through specially crafted inputs (CVE-2026-1225).

Summary: IBM Storage Protect Server uses the logback-core library in certain components; the library is affected by an input handling flaw that could allow specially crafted inputs to trigger a denial-of-service condition. Vulnerability Details: CVEID: CVE-2026-1225 DESCRIPTION: ACE vulnerability in...

CVSS 1.8 | AI score 5.8 | EPSS 0.00014
Exploits 0 | Affected software 1
vulnersOsv
added 2026/03/26 8:34 p.m., 4 views

org.webjars.npm:chai-backbone (=0.9.2), org.webjars.npm:express (=5.1.0) +5 more potentially affected by CVE-2026-4923 via org.webjars.npm:path-to-regexp (=8.2.0)

org.webjars.npm:path-to-regexp MAVEN version =8.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:path-to-regexp and may be impacted: - org.webjars.npm:chai-backbone =0.9.2 - org.webjars.npm:express =5.1.0 -...

CVSS 5.9 | AI score 6.2 | EPSS 0.00018
Exploits 0
EUVD
added 2026/01/30 8:19 p.m., 3 views

EUVD-2026-5007

Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsStringEscape function properly handles single quotes ('), double quotes (") and so...

CVSS 9.3 | AI score 6.2 | EPSS 0.0005
Exploits 1 | References 5
CBLMariner
added 2025/12/15 4:03 p.m., 5 views

CVE-2025-12464 affecting package qemu for versions less than 8.2.0-25

CVE-2025-12464 affecting package qemu for versions less than 8.2.0-25. A patched version of the package is available...

CVSS 6.2 | AI score 6.9 | EPSS 0.00038
Exploits 0
IBM Security Bulletins
added 2025/12/05 1:39 p.m., 4 views

Security Bulletin: Denial of Service vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center (CVE-2025-36732)

Summary: IBM WebSphere Application Server Liberty is vulnerable to DoS by sending a specially-crafted request attack, which can affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center. Vulnerability Details: CVEID: CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 fo...

CVSS 5.3 | AI score 6.7 | EPSS 0.00876
Exploits 0 | Affected software 1
CBLMariner
added 2025/11/14 10:03 p.m., 4 views

CVE-2025-11234 affecting package qemu for versions less than 8.2.0-23

CVE-2025-11234 affecting package qemu for versions less than 8.2.0-23. A patched version of the package is available...

CVSS 7.5 | AI score 6.9 | EPSS 0.00145
Exploits 0
CVE
added 2025/11/04 9:24 p.m., 38 views

CVE-2025-62507

CVE-2025-62507 affects Redis Open Source. In Redis versions 8.2.0 and above, the XACKDEL command can trigger a stack-based buffer overflow, potentially enabling remote code execution. The issue is fixed in Redis 8.2.3; remediation guidance includes upgrading to 8.2.3 or applying ACLs to restrict ...

CVSS 8.8 | AI score 7.8 | EPSS 0.00134
Exploits 2 | References 3 | Affected software 1
Vulnrichment
added 2025/11/04 9:24 p.m., 5 views

CVE-2025-62507 Redis: Bug in XACKDEL may lead to stack overflow and potential RCE

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple IDs and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this...

CVSS 7.7 | AI score 7.8 | EPSS 0.00134
Exploits 2 | References 3
Positive Technologies
added 2025/11/04 12:00 a.m., 3 views

PT-2025-44989

Name of the Vulnerable Software and Affected Versions: Redis versions 8.2.0 through 8.2.2. Description: Redis, an open-source, in-memory database, contains a stack buffer overflow issue in the XACKDEL command when handling multiple IDs. Successful exploitation of this issue may allow a remote attack...

CVSS 9 | AI score 6.7 | EPSS 0.00134
Exploits 2 | References 29
Tenable Nessus
added 2025/10/27 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-11979

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under...

CVSS 6.5 | AI score 7.5 | EPSS 0.00071
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-15706

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.03008
Exploits 0 | References 4