Lucene search
K

956 matches found

Cvelist
Cvelist
added 2026/05/13 2:43 p.m.53 views

CVE-2026-44293 protobufjs: Code injection through bytes field defaults in generated toObject code

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...

7.7CVSS0.00381EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 2:42 p.m.62 views

CVE-2026-44292 protobufjs: Prototype injection in generated message constructors

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an...

5.3CVSS0.00264EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:42 p.m.10 views

CVE-2026-44292

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an...

5.3CVSS5.8AI score0.00264EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/13 2:41 p.m.58 views

CVE-2026-44290 protobufjs: Process-wide denial of service through unsafe option paths

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...

7.5CVSS0.00374EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 2:37 p.m.61 views

CVE-2026-44288 protobufjs: Overlong UTF-8 decoding

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. An attacker who can provide protobuf...

5.3CVSS0.00301EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 6:37 p.m.15 views

CVE-2026-8431 Ops Manager RCE via webhook body

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior...

9.4CVSS6AI score0.00371EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017701)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017701 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.23 and prior. Easily exploitable...

4.9CVSS6.7AI score0.01319EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017680)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017680 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.22 and prior. Easily exploitable...

6.8CVSS6.8AI score0.0224EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.12 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017737)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017737 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily...

4.9CVSS6.7AI score0.0278EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/10 9:31 a.m.15 views

EUVD-2026-28988

A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is...

5.5CVSS5.7AI score0.01387EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.12 views

PT-2026-36727

Name of the Vulnerable Software and Affected Versions YunaiV yudao-cloud versions prior to 3.8.1 Description An authentication bypass exists in the Ruoyi-Vue-Pro component. Manipulation of the mock-token argument within the doFilterInternal function of the JwtAuthenticationTokenFilter.java file...

7.5CVSS7.1AI score0.00405EPSS
Exploits0References8
OSV
OSV
added 2026/05/02 12:16 p.m.4 views

UBUNTU-CVE-2026-6525

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4...

5.5CVSS5.8AI score0.00181EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.3 views

CVE-2026-36765

An XML external entity XXE vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...

6.2AI score0.00334EPSS
Exploits0References2
MongoDB
MongoDB
added 2026/04/29 4:47 p.m.7 views

MD5 checksum creation may cause availability loss

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

7.5CVSS5.2AI score0.00255EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/27 7:16 p.m.10 views

CVE-2026-32655

Dell Alienware Command Center AWCC, versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...

7.8CVSS0.00104EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.13 views

WordPress plugin HM Books Gallery 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00323EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 6:31 p.m.3 views

EUVD-2018-21789

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...

9.8CVSS6.7AI score0.00422EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/21 9:31 p.m.6 views

EUVD-2026-24295

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

4.9CVSS5.7AI score0.00323EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/21 8:35 p.m.4 views

CVE-2026-34293

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th...

4.9CVSS5.7AI score0.00323EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/21 8:35 p.m.9 views

CVE-2026-34267

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

4.9CVSS5.7AI score0.00323EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder