Lucene search
K

4 matches found

RedHat Linux
RedHat Linux
added 6 days ago5 views

protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors

A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe...

8.8CVSS6.1AI score0.00381EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/13 2:43 p.m.52 views

CVE-2026-44293 protobufjs: Code injection through bytes field defaults in generated toObject code

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...

7.7CVSS0.00381EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:43 p.m.9 views

CVE-2026-44293

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...

7.7CVSS5.8AI score0.00381EPSS
Exploits0References2Affected Software1
Metasploit
Metasploit
added 2026/01/13 6:59 p.m.353 views

n8n Workflow Expression Remote Code Execution

This module exploits a critical remote code execution vulnerability CVE-2025-68613 in the n8n workflow automation platform. The vulnerability exists in the workflow expression evaluation system where user-supplied expressions enclosed in are evaluated in an execution context that is not...

9.9CVSS8.2AI score0.97875EPSS
Exploits29
Rows per page
Query Builder