956 matches found
CVE-2026-44293 protobufjs: Code injection through bytes field defaults in generated toObject code
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...
CVE-2026-44292 protobufjs: Prototype injection in generated message constructors
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an...
CVE-2026-44292
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an...
CVE-2026-44290 protobufjs: Process-wide denial of service through unsafe option paths
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...
CVE-2026-44288 protobufjs: Overlong UTF-8 decoding
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. An attacker who can provide protobuf...
CVE-2026-8431 Ops Manager RCE via webhook body
An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017701)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017701 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.23 and prior. Easily exploitable...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017680)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017680 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.22 and prior. Easily exploitable...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017737)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017737 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily...
EUVD-2026-28988
A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is...
PT-2026-36727
Name of the Vulnerable Software and Affected Versions YunaiV yudao-cloud versions prior to 3.8.1 Description An authentication bypass exists in the Ruoyi-Vue-Pro component. Manipulation of the mock-token argument within the doFilterInternal function of the JwtAuthenticationTokenFilter.java file...
UBUNTU-CVE-2026-6525
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4...
CVE-2026-36765
An XML external entity XXE vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...
MD5 checksum creation may cause availability loss
Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...
CVE-2026-32655
Dell Alienware Command Center AWCC, versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...
WordPress plugin HM Books Gallery 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
EUVD-2018-21789
ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...
EUVD-2026-24295
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...
CVE-2026-34293
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th...
CVE-2026-34267
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...