Lucene search
K

287 matches found

RedhatCVE
RedhatCVE
added 2026/05/18 7:58 p.m.12 views

CVE-2026-42290

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/13 5:22 p.m.7 views

10minions-engine (>=0.0.1 <=0.0.4), @0xr404/lol404 (>=1.1.0 <=1.1.6) +3276 more potentially affected by CVE-2026-45740 via protobufjs (>=7.0.0 <=7.5.6)

protobufjs NPM version =7.0.0, =0.0.1, =1.1.0, =1.0.1-beta.0, =0.0.2-beta.0, =1.0.0, =1.5.10, =0.10.1, =1.1.0, =6.0.0, =2.0.2, =3.3.2 and more Source cves: CVE-2026-45740 Source advisory: SNYK:JS-PROTOBUFJS-16657755...

7.5CVSS5.7AI score0.00263EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/13 5:22 p.m.8 views

@0xchain/telemetry (>=1.1.0-beta.8 <=1.1.0-beta.18), @20206205tech/nestjs-common (>=0.8.0 <=0.11.3) +961 more potentially affected by CVE-2026-45740 via protobufjs (>=8.0.0 <=8.0.3)

protobufjs NPM version =8.0.0, =1.1.0-beta.8, =0.8.0, =1.0.0, =1.1.4, =0.3.1, =0.3.1, =0.7.1, =0.7.0, =0.8.0 and more Source cves: CVE-2026-45740 Source advisory: SNYK:JS-PROTOBUFJS-16657755...

7.5CVSS5.7AI score0.00263EPSS
Exploits0
Snyk
Snyk
added 2026/05/13 5:22 p.m.8 views

Uncontrolled Recursion

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Uncontrolled Recursion through the Root.fromJSON or Namespace.addJSON functions. An attacker can cause resource exhaustion and disrupt service availability by submitting a...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/13 5:22 p.m.15 views

org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +13 more potentially affected by CVE-2026-45740 via org.webjars.npm:protobufjs (>=6.11.3 <=8.0.0)

org.webjars.npm:protobufjs MAVEN version =6.11.3, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.6.1, =0.5.2, =0.7.15 - org.webjars.npm:tiktok-live-connector =1.0.2 Source cves: CVE-2026-45740 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16657756...

7.5CVSS5.8AI score0.00263EPSS
Exploits0
NVD
NVD
added 2026/05/13 4:17 p.m.12 views

CVE-2026-45740

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions...

7.5CVSS0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.43 views

CVE-2026-44292

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an...

5.3CVSS0.00264EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.20 views

CVE-2026-44294

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...

5.3CVSS0.00431EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.13 views

CVE-2026-44295

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

8.7CVSS0.00395EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.27 views

CVE-2026-44293

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...

8.8CVSS0.00381EPSS
Exploits0References10
NVD
NVD
added 2026/05/13 4:16 p.m.45 views

CVE-2026-44289

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf...

7.5CVSS0.0058EPSS
Exploits0References4
NVD
NVD
added 2026/05/13 4:16 p.m.48 views

CVE-2026-44288

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. An attacker who can provide protobuf...

5.3CVSS0.00301EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.34 views

CVE-2026-44290

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...

7.5CVSS0.00374EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.43 views

CVE-2026-44291

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. If Object.prototype had already been polluted, those lookup table...

8.1CVSS0.00499EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.16 views

CVE-2026-42290

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...

7.8CVSS0.00132EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 2:50 p.m.35 views

CVE-2026-44295 protobufjs-cli: Code injection in pbjs static output from crafted schema names

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

8.7CVSS0.00395EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 2:50 p.m.9 views

CVE-2026-44295 protobufjs-cli: Code injection in pbjs static output from crafted schema names

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

8.7CVSS5.9AI score0.00395EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:50 p.m.6 views

CVE-2026-44295

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

8.7CVSS5.9AI score0.00395EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/13 2:50 p.m.21 views

CVE-2026-44295

The CVE-2026-44295 entry concerns protobufjs-cli (pbjs) static code generation. The issue: when generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum, service, or derived full names could be written into the output without sufficient sanitization, enabling...

8.7CVSS5.9AI score0.00395EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/13 2:49 p.m.33 views

CVE-2026-42290 protobufjs-cli: OS Command Injection

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...

7.8CVSS0.00132EPSS
Exploits0References1
Rows per page
Query Builder