CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

97 matches found

RedhatCVE•added 2026/02/24 1:44 a.m.•2 views

CVE-2026-2964

A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible t...

9.8CVSS5AI score0.00064EPSS

Exploits0References1

OSV•added 2026/02/23 2:16 a.m.•0 views

CVE-2026-2964

9.8CVSS5.3AI score0.00064EPSS

Exploits0References3

NVD•added 2026/02/23 2:16 a.m.•4 views

CVE-2026-2964

9.8CVSS0.00064EPSS

Exploits0References3

ATTACKERKB•added 2026/02/23 1:2 a.m.•3 views

CVE-2026-2964

5CVSS5.2AI score0.00064EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/02/23 12:0 a.m.•3 views

PT-2026-21488

Name of the Vulnerable Software and Affected Versions higuma web-audio-recorder-js versions 0.1 and 0.1.1 Description A flaw exists in the extend function within the lib/WebAudioRecorder.js library, specifically in the Dynamic Config Handling component. This allows for improper modification of...

9.8CVSS5.9AI score0.00064EPSS

Exploits0References10

RedhatCVE•added 2026/01/09 10:49 a.m.•1 views

CVE-2022-37266

Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js...

9.8CVSS7AI score0.005EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-0836

Malware in sbrugna...

8.6CVSS8.7AI score0.004EPSS

Exploits1References6

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-0860

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00153EPSS

Exploits1References7

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-0637

Malicious code in bioql PyPI...

8.2CVSS8.1AI score0.00353EPSS

Exploits1References4

RedhatCVE•added 2025/05/23 10:28 a.m.•3 views

CVE-2024-45435

Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function...

9.8CVSS6.9AI score0.00179EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:5 a.m.•0 views

CVE-2024-38994

amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

7.3CVSS6.2AI score0.00296EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 5:38 a.m.•2 views

CVE-2023-26158

All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, o...

8.2CVSS6.7AI score0.00086EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 4:39 a.m.•5 views

CVE-2023-26133

All versions of the package progressbar.js are vulnerable to Prototype Pollution via the function extend in the file utils.js...

9.8CVSS6.8AI score0.00077EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 4:38 a.m.•5 views

CVE-2023-26102

All versions of the package rangy are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype...

8.2CVSS6.7AI score0.00353EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 3:27 a.m.•3 views

CVE-2023-26113

Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js...

7.5CVSS6.8AI score0.00153EPSS

Exploits1References1

Positive Technologies•added 2025/02/05 12:0 a.m.•2 views

PT-2025-5754 · Unknown · Utils-Extend

Name of the Vulnerable Software and Affected Versions: utils-extend version 1.0.8 Description: The issue allows an attacker to introduce or modify properties within the global prototype chain through the lib.extend entry function, causing a denial of service DoS as the minimum consequence. This i...

9.1CVSS7.1AI score0.0021EPSS

Exploits0References5

Snyk•added 2024/10/01 12:4 a.m.•1 views

Prototype Pollution

Overview pace-js is an Automatically add a progress bar to your site. Affected versions of this package are vulnerable to Prototype Pollution via the extend function, which recursively copies key-value pairs from the source object without properly validating property names. An attacker can exploi...

8.8CVSS6.6AI score

Exploits0References2

Veracode•added 2024/08/30 8:37 a.m.•12 views

Prototype Pollution

chartist is vulnerable to Prototype Pollution. The vulnerability is due to lack of validation in the extend function to prevent arguments from modifying the object prototype in Chartist, allows an attacker to inject malicious object properties using the proto property, which recursively affects a...

9.8CVSS6.7AI score0.00179EPSS

Exploits1References3Affected Software1

CVE•added 2024/08/29 12:0 a.m.•48 views

CVE-2024-45435

CVE-2024-45435 affects Chartist 1.x–1.3.0, due to a lack of validation in the extend function that enables prototype pollution. This can allow an attacker to modify the Object prototype via proto , impacting all objects in the application (reported CVSS v3.1 base score 9.8, critical, with network...

9.8CVSS6.7AI score0.00179EPSS

Exploits1References2Affected Software1