Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.8 views

CVE-2026-44290

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...

7.5CVSS5.5AI score0.00373EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.9 views

CVE-2026-44295

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

8.7CVSS5.5AI score0.00395EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.13 views

CVE-2026-44295

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

8.7CVSS0.00395EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 2:50 p.m.34 views

CVE-2026-44295 protobufjs-cli: Code injection in pbjs static output from crafted schema names

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

8.7CVSS0.00395EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:50 p.m.6 views

CVE-2026-44295

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

8.7CVSS5.9AI score0.00395EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:6 p.m.50 views

protobuf.js: Code injection in pbjs static output from crafted schema names

Summary pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum, service, or derived full names could be written into the generated output without...

8.7CVSS5.9AI score0.00395EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.10 views

PT-2026-40541

Name of the Vulnerable Software and Affected Versions protobufjs-cli versions prior to 1.2.1 protobufjs-cli versions prior to 2.0.2 Description Static code generation via pbjs can emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a...

8.7CVSS5.9AI score0.00395EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-0654

Malware in sbrugna...

6.5CVSS6.4AI score0.01157EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2025/08/08 8:15 p.m.11 views

K000152932: libxml2 vulnerability CVE-2024-56171

Security Advisory Description libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or ...

9.8CVSS7AI score0.0113EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/08/05 2:53 p.m.3 views

GHSA-XW5P-HW6R-2J98 Denial of service in fastify

A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion when the allErrors option is used with specially crafted schemas...

6.5CVSS5.9AI score0.01157EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2020/08/05 2:53 p.m.40 views

Denial of service in fastify

A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion when the allErrors option is used with specially crafted schemas...

6.5CVSS3.8AI score0.01157EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2020/07/30 1:15 p.m.13 views

CVE-2020-8192

A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion when the allErrors option is used with specially crafted schemas...

6.5CVSS6.3AI score0.01157EPSS
Exploits1References1
Prion
Prion
added 2020/07/30 1:15 p.m.18 views

Denial of service

A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion when the allErrors option is used with specially crafted schemas...

4CVSS6.2AI score0.01157EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/07/30 12:53 p.m.15 views

CVE-2020-8192

A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion when the allErrors option is used with specially crafted schemas...

6.3AI score0.01157EPSS
Exploits1References1
Rows per page
Query Builder