8 matches found
CVE-2026-33993
A flaw was found in Locutus, a library that integrates standard libraries from other programming languages into JavaScript. The unserialize function, which converts serialized PHP data into JavaScript objects, fails to filter the __proto__ key during deserialization. A remote attacker can exploit thi...
Locutus Security Vulnerability
Locutus is an open-source JavaScript library developed by Locutus. Versions of Locutus prior to 3.0.25 contained security vulnerabilities. These vulnerabilities stemmed from the unserialize function not filtering the __proto__ key, which could lead to prototype pollution, property injection, and...
Locutus Security Vulnerability
Locutus is an open-source JavaScript library developed by Locutus. Versions of Locutus from 2.0.39 to 3.0.25 contained security vulnerabilities. These vulnerabilities stemmed from a bypassable prototype pollution protection mechanism in the parse_str function, which could lead to prototype polluti...
CVE-2026-32304
A flaw was found in Locutus, a JavaScript library that provides standard library functions. The create_function function in Locutus passes user-supplied arguments and code directly to the JavaScript Function constructor without proper sanitization. This vulnerability allows a remote attacker to...
Locutus Code Injection Vulnerability
Locutus is an open-source JavaScript library developed by Locutus. Versions of Locutus prior to 3.0.14 contained a code injection vulnerability. This vulnerability stemmed from the create_function function not properly sanitizing parameters, which could allow arbitrary code to execute...
Locutus Security Vulnerability
Locutus is an open-source JavaScript library developed by Locutus. Versions of Locutus prior to 3.0.0 contained security vulnerabilities, which stemmed from insecure implementations of the call_user_func_array function, potentially allowing remote code execution...
Locutus Security Vulnerability
Locutus is an open-source JavaScript library developed by Locutus. Versions of Locutus from 2.0.12 to 2.0.39 contained security vulnerabilities. These vulnerabilities were due to insufficient input validation, which could lead to prototype pollution...
GHSA-H86X-MV66-GR5Q OS Command Injection in Locutus
php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution...