Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/05/13 2:44 p.m.37 views

CVE-2026-44294 protobufjs: Denial of service from crafted field names in generated code

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...

5.3CVSS0.00431EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 2:44 p.m.26 views

CVE-2026-44294

CVE-2026-44294 affects protobufjs. Prior to versions 7.5.6 and 8.0.2, generated JavaScript property accessors from schema-controlled field and oneof names did not escape certain control characters in field names, which could cause generated encode, decode, verify, or conversion functions to fail ...

5.3CVSS5.8AI score0.00431EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/13 2:44 p.m.2 views

CVE-2026-44294 protobufjs: Denial of service from crafted field names in generated code

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...

5.3CVSS6.3AI score0.00431EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/12 3:6 p.m.11 views

NPM: protobuf.js: Denial of service from crafted field names in generated code

NPM: protobuf.js: Denial of service from crafted field names in generated code vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.5.5...

5.3CVSS5.9AI score0.00431EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/11 7:58 p.m.28 views

CVE-2026-32234 Parse Server has a SQL injection via query field name when using PostgreSQL

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.10 and 8.6.36, an attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with...

5.1CVSS0.00201EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

Parse Server SQL注入漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.6.0-alpha.10 and 8.6.36 contain a SQL injection vulnerability. This vulnerability arises when PostgreSQL database is used in...

5.1CVSS5.8AI score0.00201EPSS
Exploits0References3
Rows per page
Query Builder