Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2 days ago10 views

Linux Distros Unpatched Vulnerability : CVE-2026-45740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding...

7.5CVSS6AI score0.00263EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 6:16 p.m.15 views

CVE-2026-54271

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static outp...

8.2CVSS0.00228EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:16 p.m.5 views

CVE-2026-54271

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static outp...

8.2CVSS5.9AI score0.00228EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 4:16 p.m.21 views

CVE-2026-54271

The CVE-2026-54271 entry concerns protobufjs-cli (pbjs) static code generation, where insecure handling of pre-parsed JSON descriptors could lead to attacker-controlled JavaScript in generated output. Concrete details across connected sources show that protobufjs-cli versions prior to the fixed r...

8.2CVSS5.9AI score0.00228EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/22 4:16 p.m.31 views

CVE-2026-54271 protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static outp...

8.2CVSS0.00228EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/15 8:13 p.m.5 views

NPM: protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

NPM: protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names vulnerability discovered by ? in WordPress Npm protobufjs-cli versions = 1.3.1...

8.2CVSS5.8AI score0.00228EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/13 2:46 p.m.31 views

CVE-2026-45740 protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions...

5.3CVSS0.00263EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.12 views

PT-2026-40697

Name of the Vulnerable Software and Affected Versions protobufjs versions prior to 7.5.8 protobufjs versions prior to 8.2.0 Description protobufjs compiles protobuf definitions into JavaScript functions. The software can recurse without a depth limit when expanding nested JSON descriptors through...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References7
Rows per page
Query Builder