12 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-1062

Malware in sbrugna...

9.8 CVSS, 9.3 AI score, 0.0041 EPSS
Exploits: 1, References: 3
GitHub Security Blog
added 2021/05/06 6:12 p.m., 48 views

Prototype Pollution in confucious

All versions of package confucious up to and including version 0.0.12 are vulnerable to Prototype Pollution via the set function...

9.8 CVSS, 9 AI score, 0.0041 EPSS
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2021/05/06 6:12 p.m., 12 views

GHSA-FMRR-MX6J-H3H5 Prototype Pollution in confucious

All versions of package confucious up to and including version 0.0.12 are vulnerable to Prototype Pollution via the set function...

9.8 CVSS, 9.5 AI score, 0.0041 EPSS
Exploits: 1, References: 2
vulnersOsv
added 2021/05/06 6:12 p.m., 3 views

task-mule (>=1.4.14 <=1.6.0) potentially affected by CVE-2020-7714 via confucious (=0.0.10)

confucious NPM version =0.0.10 is affected by a known vulnerability. The following packages have a transitive dependency on confucious and may be impacted: task-mule =1.4.14, =1.6.0. Source CVEs: CVE-2020-7714. Source advisory: OSV:GHSA-FMRR-MX6J-H3H5...

9.8 CVSS, 7.2 AI score, 0.0041 EPSS
Exploits: 1
Veracode
added 2020/09/02 6:18 a.m., 16 views

Prototype Pollution

confucious is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...

9.8 CVSS, 3.6 AI score, 0.0041 EPSS
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2020/09/01 10:15 a.m., 6 views

CVE-2020-7714

All versions of package confucious are vulnerable to Prototype Pollution via the set function...

9.8 CVSS, 9.6 AI score, 0.0041 EPSS
Exploits: 1, References: 1
Prion
added 2020/09/01 10:15 a.m., 13 views

Design/Logic Flaw

All versions of package confucious are vulnerable to Prototype Pollution via the set function...

7.5 CVSS, 9.4 AI score, 0.0041 EPSS
Exploits: 1, References: 1
Cvelist
added 2020/09/01 9:20 a.m., 14 views

CVE-2020-7714 Prototype Pollution

All versions of package confucious are vulnerable to Prototype Pollution via the set function...

9.8 CVSS, 9.6 AI score, 0.0041 EPSS
Exploits: 1, References: 1
CVE
added 2020/09/01 9:20 a.m., 43 views

CVE-2020-7714

CVE-2020-7714 affects the npm package confucious via Prototype Pollution in the set function. Affected versions are reported as prior to 0.0.13 (PT-2020-19736), with Snyk listing up to 0.0.12; multiple sources reiterate vulnerability across versions. Root cause is unsafe merging / path-based assi...

9.8 CVSS, 9.5 AI score, 0.0041 EPSS
Exploits: 1, References: 1, Affected Software: 1
Positive Technologies
added 2020/09/01 12:0 a.m., 2 views

PT-2020-19736 · Unknown · Confucious

Name of the Vulnerable Software and Affected Versions: confucious versions prior to 0.0.13
Description: The issue concerns Prototype Pollution via the set function. This allows for potential manipulation of object properties, which can lead to various security issues.
Recommendations: For version...

9.8 CVSS, 9.5 AI score, 0.0041 EPSS
Exploits: 1, References: 3
vulnersOsv
added 2020/08/14 9:29 a.m., 2 views

rsg-log-server (>=0.0.2 <=0.0.3), rsg-metrics-server (>=0.0.1 <=0.0.10) +1 more potentially affected by CVE-2020-7714 via confucious (>=0.0.10 <=0.0.9)

confucious NPM version =0.0.10, =0.0.2, =0.0.1, =1.1.0, =1.6.0. Source CVEs: CVE-2020-7714. Source advisory: SNYK:JS-CONFUCIOUS-598665...

9.8 CVSS, 7.2 AI score, 0.0041 EPSS
Exploits: 1
Snyk
added 2020/08/14 9:29 a.m., 1 views

Prototype Pollution

Overview: confucious is an App configuration management. Kind of like nconf, but easier to use, predictable and more flexible. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: const confucious = require('confucious'); confucious.set('__proto__:polluted',...

9.8 CVSS, 9 AI score, 0.0041 EPSS
Exploits: 1, References: 2