CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

NVD•added 2026/05/13 4:16 p.m.•8 views

CVE-2026-44293

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...

8.8CVSS0.00058EPSS

Exploits0References1

CVE•added 2026/05/13 2:43 p.m.•8 views

CVE-2026-44293

CVE-2026-44293 affects protobufjs: prior to versions 7.5.6 and 8.0.2, generated JavaScript for toObject conversion could emit attacker-controlled code from a schema-controlled bytes field default value. A crafted descriptor with a non-string default for a bytes field may cause arbitrary JavaScrip...

8.8CVSS5.9AI score0.00058EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/13 2:43 p.m.•5 views

CVE-2026-44293

7.7CVSS5.8AI score0.00058EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/13 2:43 p.m.•4 views

CVE-2026-44293 protobufjs: Code injection through bytes field defaults in generated toObject code

7.7CVSS5.9AI score0.00058EPSS

Exploits0References1

Snyk•added 2026/05/12 3:6 p.m.•3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the toObject function when handling a schema-controlled bytes field default value. An attacker can execute arbitrary JavaScript code by providing a crafted descriptor with a malicious default value for a byte...

8.8CVSS6.1AI score0.00058EPSS

Exploits0References2

OSV•added 2026/05/12 3:6 p.m.•2 views

GHSA-66FF-XGX4-VCHM protobuf.js: Code injection through bytes field defaults in generated toObject code

Summary protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default value for a bytes field could cause attacker-controlled code to be emitted into the generat...

7.7CVSS6.1AI score0.00058EPSS

Exploits0References4

Snyk•added 2026/05/12 3:6 p.m.•5 views

Arbitrary Code Injection

8.8CVSS6.1AI score0.00058EPSS

Exploits0References2

Github Security Blog•added 2026/05/12 3:6 p.m.•6 views

protobuf.js: Code injection through bytes field defaults in generated toObject code

8.8CVSS6.1AI score0.00058EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40539

Name of the Vulnerable Software and Affected Versions protobufjs versions prior to 7.5.6 protobufjs versions prior to 8.0.2 Description JavaScript generated for toObject conversion may include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor...

7.7CVSS6.1AI score0.00058EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by