CVE-2026-44294 protobufjs: Denial of service from crafted field names in generated code

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...

CVE-2026-44293 protobufjs: Code injection through bytes field defaults in generated toObject code

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...

CVE-2026-44292 protobufjs: Prototype injection in generated message constructors

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an...

CVE-2026-44292

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an...

CVE-2026-44290 protobufjs: Process-wide denial of service through unsafe option paths

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...

CVE-2026-44288 protobufjs: Overlong UTF-8 decoding

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. An attacker who can provide protobuf...

CVE-2021-46677

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the event filter name field...

CVE-2021-46679

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via service elements...

CVE-2021-46681 Vulnerability XSS in module mass operation name field

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field...

Artica Pandora FMS 跨站脚本漏洞

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A cross-site scripting vulnerability exists in Artica Pandora FMS version 756 and earlier. An attacker can exploit this...

Artica Pandora FMS 跨站脚本漏洞

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A cross-site scripting vulnerability exists in Artica Pandora FMS version 756 and earlier. An attacker can exploit this...

CVE-2021-46679

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via service elements...

PT-2021-20569 · 3S Smart Software Solutions · Codesys V2 Runtime Toolkit

Name of the Vulnerable Software and Affected Versions: CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT versions prior to V2.4.7.56 Description: The issue allows unauthenticated crafted invalid requests to result in several denial-of-service conditions. This can cause running PLC programs to b...