Lucene search
K

211 matches found

RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-59876

A flaw was found in protobufjs. The Text Format extension, responsible for compiling protobuf definitions into JavaScript functions, improperly parsed string-keyed map entries. This allowed a specially crafted map entry with the key proto to modify the prototype of the returned map object. An...

4.8CVSS6AI score0.00219EPSS
Exploits0References7
NVD
NVD
added last week12 views

CVE-2026-59876

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...

4.8CVSS0.00219EPSS
Exploits0References4
OSV
OSV
added last week4 views

CVE-2026-59876 protobufjs: Text Format string map parsing can mutate returned map object prototype

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...

4.8CVSS6.1AI score0.00219EPSS
Exploits0References6
CVE
CVE
added last week7 views

CVE-2026-59876

CVE-2026-59876 affects protobufjs (Text Format extension) where, from 8.2.0 through 8.6.5, string-keyed map entries were parsed via ordinary property assignment, allowing a map entry with key proto to mutate the prototype of the returned map instead of creating an own entry in protobufjs/ext/text...

4.8CVSS6AI score0.00219EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added last week31 views

CVE-2026-59876 protobufjs: Text Format string map parsing can mutate returned map object prototype

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...

4.8CVSS0.00219EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.11 views

PT-2026-56496

Name of the Vulnerable Software and Affected Versions protobufjs versions 8.2.0 through 8.6.4 Description The protobufjs Text Format extension parses string-keyed map entries using ordinary property assignment. This allows a map entry with the key proto to modify the prototype of the returned map...

4.8CVSS6.1AI score0.00219EPSS
Exploits0References9
GithubExploit
GithubExploit
added 2026/06/14 9:6 p.m.108 views

Exploit for CVE-2022-30190

Explotación de Follina CVE-2022-30190 Follina CVE-2022-3...

9.3CVSS8AI score0.99374EPSS
Exploits62
NVD
NVD
added 2026/06/10 6:17 p.m.17 views

CVE-2026-46642

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer which works correctly on the rendering path but in...

6.1CVSS0.00221EPSS
Exploits1References2
CVE
CVE
added 2026/06/10 5:42 p.m.40 views

CVE-2026-46642

CVE-2026-46642 affects draw.io prior to 29.7.12. A crafted .drawio file can execute arbitrary JavaScript in the editor’s origin when opened. The root cause is a feature-detection routine in the Text Format panel that reads the raw cell label and assigns it to a detached element’s innerHTML withou...

6.1CVSS5.9AI score0.00221EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/10 5:42 p.m.12 views

EUVD-2026-36077

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer which works correctly on the rendering path but in...

6.1CVSS5.9AI score0.00221EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/10 5:42 p.m.10 views

CVE-2026-46642 draw.io: XSS via crafted cell label when opening a .drawio file

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer which works correctly on the rendering path but in...

6.1CVSS5.9AI score0.00221EPSS
Exploits1References2
OSV
OSV
added 2026/06/10 5:42 p.m.2 views

CVE-2026-46642 draw.io: XSS via crafted cell label when opening a .drawio file

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer which works correctly on the rendering path but in...

6.1CVSS6.3AI score0.00221EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.22 views

PT-2026-48502

Name of the Vulnerable Software and Affected Versions draw.io versions prior to 29.7.12 Description A crafted .drawio file can execute arbitrary JavaScript in the editor's origin when opened. The issue exists in a feature-detection routine within the Text Format panel that reads the raw cell labe...

6.1CVSS5.8AI score0.00221EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.11 views

draw.io 跨站脚本漏洞

Draw.IO is an open-source configurable charting and whiteboard application. Versions of Draw.IO prior to 29.7.12 had a cross-site scripting vulnerability. This vulnerability occurred because the feature detection routine in the Text Format panel did not clean up the original cell labels, allowing...

6.1CVSS5.4AI score0.00221EPSS
Exploits1References1
OSV
OSV
added 2026/04/08 4:9 p.m.11 views

DRUPAL-CONTRIB-2026-032

The IframeConsent element writes HTML attributes without escaping their value. This module has a XSS vulnerability. If an attacker is able to write an tag, they may be able to insert arbitrary JavaScript. This vulnerability is mitigated by the fact that a text format that allows iframe-consent HT...

6.1CVSS5.9AI score0.00196EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/24 1:29 a.m.5 views

Integer Overflow or Wraparound

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.6CVSS6AI score0.00319EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 1:29 a.m.5 views

Integer Overflow or Wraparound

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.6CVSS6AI score0.00319EPSS
Exploits0References2
OSV
OSV
added 2026/02/23 2:46 p.m.8 views

CLSA-2026-1771857969 Fix CVE(s): CVE-2025-14087, CVE-2025-14512

SECURITY UPDATE: Buffer underflow in GVariant parser leads to heap corruption - debian/patches/CVE-2025-1408714512.patch: Fix integer overflows in GVariant text format parser when processing input longer than INTMAX - CVE-2025-14087 SECURITY UPDATE: Integer overflow in escapebytestring leads to...

9.8CVSS6.6AI score0.00767EPSS
Exploits0References1
OSV
OSV
added 2026/02/23 2:35 p.m.10 views

CLSA-2026-1771857296 Fix CVE(s): CVE-2025-14087

SECURITY UPDATE: Buffer underflow in GVariant parser leads to heap corruption - debian/patches/CVE-2025-14087.patch: Fix integer overflows in GVariant text format parser when processing input longer than INTMAX, and fix integer overflow in escapebytestring for byte strings with many invalid...

9.8CVSS6.2AI score0.00767EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/22 4:44 p.m.157 views

XSS-cheat-sheet-txt-dictionary-by-PortSwigger

XSS cheat sheet dictionary by PortSwigger PortSwigger diction...

5.4AI score
Exploits0
Rows per page
Query Builder