Lucene search
K

281 matches found

NVD
NVD
added 2026/06/30 8:17 p.m.6 views

CVE-2026-9002

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...

6.5CVSS0.00269EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:8 p.m.17 views

CVE-2026-9002

IBM WebSphere eXtremes Scale is affected in versions 8.6.1.0–8.6.1.6 by an XDF decoder validation issue. The decoder may mishandle deeply nested Protocol Buffers messages and attacker-controlled length prefixes without proper bounds checking, enabling an adjacent attacker to trigger StackOverflow...

6.5CVSS5.8AI score0.00269EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/30 7:8 p.m.7 views

EUVD-2026-40379

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...

6.5CVSS5.8AI score0.00269EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:8 p.m.34 views

CVE-2026-9002 IBM WebSphere eXtremes Scale is affected by uncontrolled resource consumption when XDF is enabled

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...

6.5CVSS0.00269EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53951

Name of the Vulnerable Software and Affected Versions IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 Description Improper validation in the XDF decoder allows an adjacent attacker to cause a denial of service. The application processes deeply nested Protocol Buffers messages and...

6.5CVSS6AI score0.00269EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.6 views

IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7278346)

The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6 IBM. It is, therefore, affected by a vulnerability as referenced in the 7278346 advisory. - IBM WebSphere eXtreme Scale could allow an adjacent attacker to cause a denial of service due to improper...

6.5CVSS6AI score0.00269EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-45740

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions...

7.5CVSS5.4AI score0.00263EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 9:56 a.m.15 views

Security Bulletin: There is a vulnerability in protocol-buffers-schema-3.6.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-5758)

Summary There is a vulnerability in protocol-buffers-schema-3.6.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-5758 DESCRIPTION: JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0,...

6.5CVSS6.1AI score0.00534EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/05/26 8:31 p.m.16 views

USN-8063-2 protobuf vulnerability

USN-8063-1 fixed a vulnerability in Protocol Buffers. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Protocol Buffers incorrectly handled recursion when the Python google.protobuf.jsonformat.ParseDict...

8.2CVSS6.6AI score0.00613EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/05/26 8:31 p.m.18 views

USN-8063-2: Protocol Buffers vulnerability

USN-8063-1 fixed a vulnerability in Protocol Buffers. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Protocol Buffers incorrectly handled recursion when the Python google.protobuf.jsonformat.ParseDict...

8.2CVSS6.4AI score0.00613EPSS
Exploits0
OSV
OSV
added 2026/04/29 12:45 a.m.3 views

SUSE-SU-2026:1653-1 Security update for protobuf

This update for protobuf fixes the following issues: Refresh fixes: - CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages can lead to crash due to RecursionError bsc1244663. - CVE-2026-0994: maxrecursiondepth limit can be bypass...

8.2CVSS5.7AI score0.00613EPSS
Exploits0References6
Fedora
Fedora
added 2026/04/25 1:55 a.m.15 views

[SECURITY] Fedora 44 Update: qt6-qtgrpc-6.10.3-1.fc44

Protocol Buffers Protobuf is a cross-platform data format used to serialize structured data. gRPC provides a remote procedure call framework based on Protobuf. Qt provides tooling and classes to use these technologies...

5.5AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/21 12:38 p.m.9 views

Security Bulletin: Due to use of Google Protocol Buffers, IBM Operations Analytics – Log Analysis is affected by denial of service.

Summary Google Protocol Buffers in Apache Solr is used by IBM Operations Analytics – Log Analysis as part of the data serialization and communication between services. CVE-2021-22570. Vulnerability Details CVEID:CVE-2021-22570 DESCRIPTION: Nullptr dereference when a null char is present in a prot...

6.5CVSS6.5AI score0.0266EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/04/17 7:57 a.m.3 views

OPENSUSE-SU-2026:20555-1 Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 bsc1259816: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260265. Changes for google-cloud-sap-agent: Collect...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/16 3:31 p.m.4 views

EUVD-2026-23268

A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability...

7.1CVSS5.8AI score0.0036EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/16 3:2 p.m.5 views

CVE-2026-5758

A flaw was found in the protocol-buffers-schema JavaScript library. This vulnerability, known as prototype pollution, allows an attacker to inject malicious properties into an object's core definition. This could enable an attacker to change how an application behaves, bypass security measures, o...

6.5CVSS5.9AI score0.00534EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/04/15 6:31 p.m.9 views

com.graphhopper:graphhopper-web-bundle (>=3.0 <=client_hc_no_vehicle), org.webjars.npm:geobuf (=3.0.2) +15 more potentially affected by CVE-2026-5758 via org.webjars.npm:protocol-buffers-schema (=3.6.0)

org.webjars.npm:protocol-buffers-schema MAVEN version =3.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:protocol-buffers-schema and may be impacted: - com.graphhopper:graphhopper-web-bundle =3.0, =1.10.1, =6.1.0, =10.6.0, =1.3.5,...

6.5CVSS5.7AI score0.00534EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/15 6:31 p.m.8 views

@amitojsingh366/keepkey-hardware-controller (=0.0.10), @apsiocoin/protobuf-serialization (=0.0.1-alpha1) +199 more potentially affected by CVE-2026-5758 via protocol-buffers-schema (>=2.2.0 <=3.6.0)

protocol-buffers-schema NPM version =2.2.0, =2.0.9, =2.0.7, =2.1.2, =0.0.25, =0.0.19, =2.0.12, =2.0.11, =0.0.12, =6.1.2, =0.18.4, =0.18.4, =1.16.11, =1.4.2, =2.14.3 and more Source cves: CVE-2026-5758 Source advisory: OSV:GHSA-J452-XHG8-QG39...

6.5CVSS5.7AI score0.00534EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/15 6:31 p.m.9 views

@amitojsingh366/keepkey-hardware-controller (=0.0.10), @apsiocoin/protobuf-serialization (=0.0.1-alpha1) +176 more potentially affected by CVE-2026-5758 via protocol-buffers-schema (>=3.1.0 <=3.6.0)

protocol-buffers-schema NPM version =3.1.0, =2.0.9, =2.0.7, =2.1.2, =0.0.25, =0.0.19, =2.0.12, =2.0.11, =0.0.12, =6.1.2, =0.18.4, =0.18.4, =1.16.11, =1.4.2, =2.14.3 and more Source cves: CVE-2026-5758 Source advisory: SNYK:JS-PROTOCOLBUFFERSSCHEMA-16420259...

6.5CVSS5.7AI score0.00534EPSS
Exploits0
Snyk
Snyk
added 2026/04/15 6:31 p.m.10 views

Prototype Pollution

Overview protocol-buffers-schema is a No nonsense protocol buffers schema parser written in Javascript Affected versions of this package are vulnerable to Prototype Pollution via the parse function. An attacker can modify object prototypes, potentially altering application logic, bypassing securi...

6.9CVSS6.3AI score0.00534EPSS
Exploits0References2
Rows per page
Query Builder