Lucene search
K

1401 matches found

RedHat Linux
RedHat Linux
added 4 days ago5 views

protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors

A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe...

8.8CVSS6.2AI score0.00392EPSS
Exploits0References5
OSV
OSV
added 5 days ago7 views

ROOT-APP-PYPI-CVE-2025-4565 CVE-2025-4565 in rootio-protobuf - Patched by Root

Root has patched CVE-2025-4565 in the rootio-protobuf package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.4AI score0.00281EPSS
Exploits0
OSV
OSV
added 5 days ago7 views

ROOT-APP-PYPI-CVE-2026-0994 CVE-2026-0994 in rootio-protobuf - Patched by Root

Root has patched CVE-2026-0994 in the rootio-protobuf package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.4AI score0.00613EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/04 1:38 a.m.4 views

Security Bulletin: Due to the use of Google Go, IBM Cloud Pak Sys is affected by an infinite loop when unmarshaling certain forms of invalid JSON

Summary Vulnerability in Go used by Cloud Pak System CVE-2024-24786. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which...

7.5CVSS6.7AI score0.01262EPSS
Exploits0Affected Software2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.18 views

PT-2026-54519

Name of the Vulnerable Software and Affected Versions buffa affected versions not specified Description The buffa protobuf decoder contains a memory-amplification issue. A malformed message can cause the library to consume up to 22 times the expected amount of RAM, leading to a denial of service...

5.7AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/29 4:49 a.m.10 views

CVE-2026-54269

A flaw was found in protobufjs, a JavaScript JS library for compiling protobuf definitions. A remote attacker could exploit this vulnerability by providing specially crafted protobuf definitions or message types that contain names colliding with internal protobufjs runtime helpers. This could lea...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 12:3 p.m.2 views

RLSA-2023:6621 Moderate: protobuf-c security update

The protobuf-c packages provide C bindings for Google's Protocol Buffers. Security Fixes: protobuf-c: unsigned integer overflow in parserequiredmember CVE-2022-48468 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, ref...

6.2CVSS5.9AI score0.00369EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/06/25 12:3 p.m.5 views

protobuf-c security update

An update is available for protobuf-c. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The protobuf-c packages provide C bindings for Google's Protocol Buffers...

5.5CVSS6.5AI score0.00369EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in protobuf

There is a denial-of-service DoS vulnerability in the google.protobuf.jsonformat.ParseDict function in Python. This vulnerability allows for bypassing the maximum recursion depth when parsing nested google.protobuf.Any messages. Due to the lack of recursion depth accounting within the internal...

8.2CVSS6.6AI score0.00613EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 2:4 p.m.5 views

Security Bulletin: The Network Threat Analytics App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Network Threat Analytics App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-0994 DESCRIPTION: A...

8.2CVSS5.8AI score0.00613EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/19 2:16 p.m.11 views

CVE-2026-48137

There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially...

9.8CVSS0.00549EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 12:0 p.m.6 views

MAL-2026-6148 Malicious code in async-protobuf-av (npm)

The npm package async-protobuf-av published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/15 9:55 p.m.10 views

EEF-CVE-2026-48599 Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding

Summary Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

7.6CVSS5.4AI score0.00273EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/15 9:55 p.m.9 views

EUVD-2026-37013

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

7.6CVSS5.3AI score0.00273EPSS
Exploits0References4
OSV
OSV
added 2026/06/15 8:13 p.m.7 views

GHSA-PR59-H9PH-3FR8 protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

Summary A previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static output from crafted JSON descriptor input. The common case of parsing schemas fro...

8.2CVSS5.6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 5:30 p.m.10 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion during the JSON conversion. An attacker can exhaust the call stack and cause the application to crash by supplying crafted protobuf binary data containing deeply nested Any values that are expanded during...

8.7CVSS5.9AI score0.00324EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.15 views

CVE-2026-52756

Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf message...

6.5CVSS5.6AI score0.00457EPSS
Exploits1References1
NVD
NVD
added 2026/06/10 2:16 p.m.14 views

CVE-2026-52756

Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf message...

6.5CVSS0.00457EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/10 12:41 p.m.35 views

CVE-2026-52756 Ghidra < 12.2 - Unauthenticated Path Traversal in Debugger ISF Server

Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf message...

6.3CVSS0.00457EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 12:41 p.m.10 views

EUVD-2026-36015

Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf message...

6.3CVSS5.6AI score0.00457EPSS
Exploits1References2
Rows per page
Query Builder