5 matches found

Vulnrichment
added 2026/03/27 10:15 p.m., 3 views

CVE-2026-33994 Locutus Prototype Pollution due to incomplete fix for CVE-2026-25521

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, a prototype pollution vulnerability exists in the parsestr function of the npm package locutus. An attacker can pollute Object.prototype by...

CVSS 6.3, AI score 5.9, EPSS 0.00559
Exploits: 1, References: 4

Cvelist
added 2026/03/27 10:15 p.m., 26 views

CVE-2026-33994 Locutus Prototype Pollution due to incomplete fix for CVE-2026-25521

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, a prototype pollution vulnerability exists in the parsestr function of the npm package locutus. An attacker can pollute Object.prototype by...

CVSS 6.3, EPSS 0.00559
Exploits: 1, References: 4

NVD
added 2026/02/04 10:15 p.m., 4 views

CVE-2026-25521

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In versions from 2.0.12 to before 2.0.39, a prototype pollution vulnerability exists in locutus. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input...

CVSS 9.4, EPSS 0.00261
Exploits: 1, References: 5

vulnersOsv
added 2026/02/02 10:21 p.m., 7 views

@haxtheweb/create (>=0.1.3 <=26.0.0), @haxtheweb/haxcms-nodejs (>=0.0.2 <=25.0.0) +3 more potentially affected by CVE-2026-25521 via locutus (>=2.0.14 <=2.0.32)

locutus NPM version =2.0.14, =0.1.3, =0.0.2, =11.0.2, =2.1.1, =1.0.66, =1.0.72 Source cves: CVE-2026-25521 Source advisory: OSV:GHSA-RXRV-835Q-V5MH...

CVSS 9.4, AI score 5.4, EPSS 0.00261
Exploits: 1

vulnersOsv
added 2026/02/02 10:21 p.m., 8 views

@haxtheweb/create (>=0.1.3 <=26.0.0), @haxtheweb/haxcms-nodejs (>=0.0.2 <=25.0.0) +3 more potentially affected by CVE-2026-25521 via locutus (>=2.0.14 <=2.0.32)

locutus NPM version =2.0.14, =0.1.3, =0.0.2, =11.0.2, =2.1.1, =1.0.66, =1.0.72 Source cves: CVE-2026-25521 Source advisory: SNYK:JS-LOCUTUS-15182766...

CVSS 9.4, AI score 5.4, EPSS 0.00261
Exploits: 1