CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

SUSE CVE•added 2026/06/13 2:17 a.m.•5 views

SUSE CVE-2026-44293

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...

8.8CVSS5.3AI score0.00294EPSS

Exploits0References3

Tenable Nessus•added 2026/06/11 12:0 a.m.•10 views

Linux Distros Unpatched Vulnerability : CVE-2026-44293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could...

8.8CVSS5.4AI score0.00294EPSS

Exploits0References2

NVD•added 2026/05/13 4:16 p.m.•22 views

CVE-2026-44293

8.8CVSS0.00294EPSS

Exploits0References1

Vulnrichment•added 2026/05/13 2:43 p.m.•6 views

CVE-2026-44293 protobufjs: Code injection through bytes field defaults in generated toObject code

7.7CVSS5.9AI score0.00294EPSS

Exploits0References1

CVE•added 2026/05/13 2:43 p.m.•29 views

CVE-2026-44293

CVE-2026-44293 affects protobufjs: prior to versions 7.5.6 and 8.0.2, generated JavaScript for toObject conversion could emit attacker-controlled code from a schema-controlled bytes field default value. A crafted descriptor with a non-string default for a bytes field may cause arbitrary JavaScrip...

8.8CVSS5.9AI score0.00294EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/13 2:43 p.m.•8 views

CVE-2026-44293

7.7CVSS5.8AI score0.00294EPSS

Exploits0References2Affected Software1

Snyk•added 2026/05/12 3:6 p.m.•7 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the toObject function when handling a schema-controlled bytes field default value. An attacker can execute arbitrary JavaScript code by providing a crafted descriptor with a malicious default value for a byte...

8.8CVSS6.1AI score0.00294EPSS

Exploits0References2

Snyk•added 2026/05/12 3:6 p.m.•6 views

Arbitrary Code Injection

8.8CVSS6.1AI score0.00294EPSS

Exploits0References2

Github Security Blog•added 2026/05/12 3:6 p.m.•14 views

protobuf.js: Code injection through bytes field defaults in generated toObject code

Summary protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default value for a bytes field could cause attacker-controlled code to be emitted into the generat...

8.8CVSS6.1AI score0.00294EPSS

Exploits0References4Affected Software1

OSV•added 2026/05/12 3:6 p.m.•4 views

GHSA-66FF-XGX4-VCHM protobuf.js: Code injection through bytes field defaults in generated toObject code

7.7CVSS6.1AI score0.00294EPSS

Exploits0References4

Positive Technologies•added 2026/05/12 12:0 a.m.•10 views

PT-2026-40539

Name of the Vulnerable Software and Affected Versions protobufjs versions prior to 7.5.6 protobufjs versions prior to 8.0.2 Description JavaScript generated for toObject conversion may include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor...

8.8CVSS6.1AI score0.00294EPSS

Exploits0References9

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by