CVE-2026-44290 protobufjs: Process-wide denial of service through unsafe option paths

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...

CVE-2026-44290

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...

CVE-2026-8161 multiparty vulnerable to Denial of Service via Prototype Pollution leading to Uncaught Exception

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...

PT-2026-40536

Name of the Vulnerable Software and Affected Versions protobufjs versions prior to 7.5.6 protobufjs versions prior to 8.0.2 Description protobufjs allows certain schema option paths to traverse inherited object properties during option application. A crafted protobuf schema or JSON descriptor can...

Prototype Pollution

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution through the mergeConfig code path in the request configuration handling. An attacker can influence request behavior by supplying a...

CVE-2026-27125

svelte performance oriented web framework. Prior to 5.51.5, in server-side rendering, attribute spreading on elements e.g. enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where Object.prototype has already been polluted — a...

CVE-2026-27125 Svelte SSR attribute spreading includes inherited properties from prototype chain

svelte performance oriented web framework. Prior to 5.51.5, in server-side rendering, attribute spreading on elements e.g. enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where Object.prototype has already been polluted — a...

Svelte 安全漏洞

Svelte is an open-source approach to building web applications developed by Svelte. Versions of Svelte prior to 5.51.5 have a security vulnerability. This vulnerability arises from server-side rendering, where property extensions enumerate inherited properties, which may lead to unexpected proper...

Svelte SSR attribute spreading includes inherited properties from prototype chain

In server-side rendering, attribute spreading on elements e.g. enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where Object.prototype has already been polluted — a precondition outside of Svelte's control — this can cause unexpect...

EUVD-2026-4851

Maker.js has Unsafe Property Copying in makerjs.extendObject...

GHSA-2CP6-34R9-54XX Maker.js has Unsafe Property Copying in makerjs.extendObject

Summary The makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks hasOwnProperty checks and does not filter dangerous keys, allowing inherited properties and potentially malicious...

Maker.js has Unsafe Property Copying in makerjs.extendObject

Summary The makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks hasOwnProperty checks and does not filter dangerous keys, allowing inherited properties and potentially malicious...

CVE-2026-24888

Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...

CVE-2026-24888

Maker.js (makerjs.extendObject) is vulnerable to unsafe property copying. The function iterates with for...in without hasOwnProperty() checks and fails to filter dangerous keys, enabling inherited or crafted properties (e.g., proto ) to be copied to targets. This prototype-pollution risk is docum...

CVE-2026-24888 Maker.js Vulnerable to Unsafe Property Copying in makerjs.extendObject

Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...

CVE-2026-24888 Maker.js Vulnerable to Unsafe Property Copying in makerjs.extendObject

Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...

Maker.js security vulnerabilities

Maker.js is a two-dimensional vector drawing and shape modeling tool open-sourced by Microsoft. Versions of Maker.js prior to 0.19.1 contain security vulnerabilities. These vulnerabilities stem from the makerjs.extendObject function, which lacks proper validation when copying object properties...

CVE-2024-51999

...

CVE-2020-11703

An issue was discovered in ProVide formerly zFTPServer through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the language parameter...