CVE-2026-44294

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...

CVE-2026-44292

The CVE-2026-44292 issue affects protobufjs where generated message constructors copied enumerable properties from a provided object without filtering the proto key. This can let attackers pass an attacker-controlled plain object to a message constructor, causing per-instance prototype injection ...

CVE-2026-44291

CVE-2026-44291 affects protobufjs: prior to versions 7.5.6 and 8.0.2, internal type lookup tables used by generated encode/decode functions could be polluted via Object.prototype, allowing attacker-controlled inherited properties to influence protobuf type information and potentially emit attacke...

CVE-2026-44290

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...

CVE-2024-26289

The CVE-2024-26289 issue is a Deserialization of Untrusted Data vulnerability in PMB Services PMB that enables Remote Code Inclusion. Concrete details from connected documents: affected PMB versions are 7.3.1–7.3.18, 7.4.1–7.4.9, and 7.5.1–7.5.6-2. Root cause is deserialization of untrusted data....

UBBCentral UBB.Threads 7.5.6 - Username Cross-Site Scripting

UBBCentral UBB.Threads 7.5.6 - Username Cross-Site Scripting source: https://www.securityfocus.com/bid/51275/info UBB.threads is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script...