281 matches found
CVE-2026-9002
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...
CVE-2026-9002
IBM WebSphere eXtremes Scale is affected in versions 8.6.1.0–8.6.1.6 by an XDF decoder validation issue. The decoder may mishandle deeply nested Protocol Buffers messages and attacker-controlled length prefixes without proper bounds checking, enabling an adjacent attacker to trigger StackOverflow...
EUVD-2026-40379
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...
CVE-2026-9002 IBM WebSphere eXtremes Scale is affected by uncontrolled resource consumption when XDF is enabled
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...
PT-2026-53951
Name of the Vulnerable Software and Affected Versions IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 Description Improper validation in the XDF decoder allows an adjacent attacker to cause a denial of service. The application processes deeply nested Protocol Buffers messages and...
IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7278346)
The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6 IBM. It is, therefore, affected by a vulnerability as referenced in the 7278346 advisory. - IBM WebSphere eXtreme Scale could allow an adjacent attacker to cause a denial of service due to improper...
CVE-2026-45740
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions...
Security Bulletin: There is a vulnerability in protocol-buffers-schema-3.6.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-5758)
Summary There is a vulnerability in protocol-buffers-schema-3.6.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-5758 DESCRIPTION: JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0,...
USN-8063-2 protobuf vulnerability
USN-8063-1 fixed a vulnerability in Protocol Buffers. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Protocol Buffers incorrectly handled recursion when the Python google.protobuf.jsonformat.ParseDict...
USN-8063-2: Protocol Buffers vulnerability
USN-8063-1 fixed a vulnerability in Protocol Buffers. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Protocol Buffers incorrectly handled recursion when the Python google.protobuf.jsonformat.ParseDict...
SUSE-SU-2026:1653-1 Security update for protobuf
This update for protobuf fixes the following issues: Refresh fixes: - CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages can lead to crash due to RecursionError bsc1244663. - CVE-2026-0994: maxrecursiondepth limit can be bypass...
[SECURITY] Fedora 44 Update: qt6-qtgrpc-6.10.3-1.fc44
Protocol Buffers Protobuf is a cross-platform data format used to serialize structured data. gRPC provides a remote procedure call framework based on Protobuf. Qt provides tooling and classes to use these technologies...
Security Bulletin: Due to use of Google Protocol Buffers, IBM Operations Analytics – Log Analysis is affected by denial of service.
Summary Google Protocol Buffers in Apache Solr is used by IBM Operations Analytics – Log Analysis as part of the data serialization and communication between services. CVE-2021-22570. Vulnerability Details CVEID:CVE-2021-22570 DESCRIPTION: Nullptr dereference when a null char is present in a prot...
OPENSUSE-SU-2026:20555-1 Security update for google-cloud-sap-agent
This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 bsc1259816: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260265. Changes for google-cloud-sap-agent: Collect...
EUVD-2026-23268
A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability...
CVE-2026-5758
A flaw was found in the protocol-buffers-schema JavaScript library. This vulnerability, known as prototype pollution, allows an attacker to inject malicious properties into an object's core definition. This could enable an attacker to change how an application behaves, bypass security measures, o...
com.graphhopper:graphhopper-web-bundle (>=3.0 <=client_hc_no_vehicle), org.webjars.npm:geobuf (=3.0.2) +15 more potentially affected by CVE-2026-5758 via org.webjars.npm:protocol-buffers-schema (=3.6.0)
org.webjars.npm:protocol-buffers-schema MAVEN version =3.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:protocol-buffers-schema and may be impacted: - com.graphhopper:graphhopper-web-bundle =3.0, =1.10.1, =6.1.0, =10.6.0, =1.3.5,...
@amitojsingh366/keepkey-hardware-controller (=0.0.10), @apsiocoin/protobuf-serialization (=0.0.1-alpha1) +199 more potentially affected by CVE-2026-5758 via protocol-buffers-schema (>=2.2.0 <=3.6.0)
protocol-buffers-schema NPM version =2.2.0, =2.0.9, =2.0.7, =2.1.2, =0.0.25, =0.0.19, =2.0.12, =2.0.11, =0.0.12, =6.1.2, =0.18.4, =0.18.4, =1.16.11, =1.4.2, =2.14.3 and more Source cves: CVE-2026-5758 Source advisory: OSV:GHSA-J452-XHG8-QG39...
@amitojsingh366/keepkey-hardware-controller (=0.0.10), @apsiocoin/protobuf-serialization (=0.0.1-alpha1) +176 more potentially affected by CVE-2026-5758 via protocol-buffers-schema (>=3.1.0 <=3.6.0)
protocol-buffers-schema NPM version =3.1.0, =2.0.9, =2.0.7, =2.1.2, =0.0.25, =0.0.19, =2.0.12, =2.0.11, =0.0.12, =6.1.2, =0.18.4, =0.18.4, =1.16.11, =1.4.2, =2.14.3 and more Source cves: CVE-2026-5758 Source advisory: SNYK:JS-PROTOCOLBUFFERSSCHEMA-16420259...
Prototype Pollution
Overview protocol-buffers-schema is a No nonsense protocol buffers schema parser written in Javascript Affected versions of this package are vulnerable to Prototype Pollution via the parse function. An attacker can modify object prototypes, potentially altering application logic, bypassing securi...