11 matches found

Vulnrichment
added 2026/02/04 9:20 p.m., 2 views

CVE-2026-25521 Locutus is vulnerable to Prototype Pollution

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In versions from 2.0.12 to before 2.0.39, a prototype pollution vulnerability exists in locutus. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input...

CVSS 9.4, AI score 5.4, EPSS 0.00018
Exploits: 1, References: 2

OSV
added 2026/02/04 9:20 p.m., 2 views

CVE-2026-25521 Locutus is vulnerable to Prototype Pollution

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In versions from 2.0.12 to before 2.0.39, a prototype pollution vulnerability exists in locutus. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input...

CVSS 9.4, AI score 5.4, EPSS 0.00018
Exploits: 1, References: 4

ATTACKERKB
added 2026/02/04 9:20 p.m., 2 views

CVE-2026-25521

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In versions from 2.0.12 to before 2.0.39, a prototype pollution vulnerability exists in locutus. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input...

CVSS 9.4, AI score 5.4, EPSS 0.00018
Exploits: 1, References: 3, Affected Software: 1

Positive Technologies
added 2026/02/02 12:0 a.m., 2 views

PT-2026-6310

Name of the Vulnerable Software and Affected Versions: Locutus versions 2.0.12 through 2.0.38

Description: Locutus, designed to bring standard libraries from other programming languages to JavaScript for educational purposes, contains a prototype pollution issue. A previous attempt to address...

CVSS 9.4, AI score 5.4, EPSS 0.00018
Exploits: 1, References: 10

RedhatCVE
added 2025/05/23 8:44 a.m., 1 views

CVE-2024-23505

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive PDF Viewer & 3D PDF Flipbook – DearPDF allows Stored XSS. This issue affects PDF Viewer & 3D PDF Flipbook – DearPDF: from n/a through 2.0.38...

CVSS 6.5, AI score 6.7, EPSS 0.00065
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 2:58 p.m., 7 views

CVE-2020-15148

Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls unserialize on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory...

CVSS 10, AI score 7.6, EPSS 0.93433
Exploits: 0

Vulnrichment
added 2024/01/31 3:23 p.m., 1 views

CVE-2024-23505 WordPress PDF Viewer & 3D PDF Flipbook – DearPDF Plugin <= 2.0.38 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive PDF Viewer & 3D PDF Flipbook – DearPDF allows Stored XSS. This issue affects PDF Viewer & 3D PDF Flipbook – DearPDF: from n/a through 2.0.38...

CVSS 6.5, AI score 6.4, EPSS 0.00065
Exploits: 0, References: 1

OSV
added 2021/11/10 4:15 p.m., 0 views

CVE-2021-41426

Beeline Smart Box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgtenduser.htm...

CVSS 8.8, AI score 5.8, EPSS 0.00175
Exploits: 1, References: 3

CVE
added 2021/11/10 3:38 p.m., 38 views

CVE-2021-41427

Beeline Smart Box 2.0.38 is vulnerable to a Cross Site Scripting (XSS) flaw in the setup.cgi endpoint, exploitable via the choose_mac parameter. The issue is documented under CVE-2021-41427. Affected component: the web interface handling setup.cgi; vulnerability type: XSS. Impact details in the p...

CVSS 6.1, AI score 6, EPSS 0.00397
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2020/09/15 7:15 p.m., 14 views

CVE-2020-15148

Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls unserialize on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory...

CVSS 10, EPSS 0.93433
Exploits: 0, References: 2

CNVD
added 2020/04/30 12:0 a.m., 1 views

Beeline Smart Box Operating System Command Injection Vulnerability

The Beeline Smart Box is a wireless router from the Russian company Beeline. A security vulnerability exists in Beeline Smart Box version 2.0.38. An attacker can exploit this vulnerability via the 'Ping pingipaddr', 'Nslookup nslookupipaddr' or 'Traceroute tracerouteipaddr' parameters to execute...

CVSS 9, AI score 7.1, EPSS 0.04581
Exploits: 1