2855 matches found

Snyk
added 2026/04/24 7:21 p.m., 5 views

Prototype Pollution

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution through the mergeConfig code path in the request configuration handling. An attacker can influence request behavior by supplying a...

CVSS 9.1 | AI score 6.6 | EPSS 0.00838
Exploits: 1 | References: 2
Vulnrichment
added 2026/04/24 5:55 p.m., 3 views

CVE-2026-42041 Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...

CVSS 4.8 | AI score 5.3 | EPSS 0.00611
Exploits: 1 | References: 1
Cvelist
added 2026/04/24 5:55 p.m., 28 views

CVE-2026-42041 Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...

CVSS 4.8 | EPSS 0.00611
Exploits: 1 | References: 1
Fedora
added 2026/04/22 7:50 a.m., 7 views

[SECURITY] Fedora 43 Update: perl-Net-CIDR-Lite-0.23-1.fc43

Faster alternative to Net::CIDR when merging a large number of CIDR address ranges. Works for IPv4 and IPv6 addresses...

CVSS 7.5 | AI score 5.2 | EPSS 0.00309
Exploits: 0
OSV
added 2026/04/21 12:00 p.m., 7 views

RUSTSEC-2026-0109 Broken hard revocation handling

Before sq-git checks if a commit can be authenticated, it first looks for hard revocations. Because parsing a policy is expensive and a project's policy rarely changes, sq-git has an optimization to only check a policy if it hasn't checked it before. It does this by maintaining a set of policies...

CVSS 1.8 | AI score 5.5
Exploits: 0 | References: 3
RustSec
added 2026/04/21 12:00 p.m., 10 views

Broken hard revocation handling

Before sq-git checks if a commit can be authenticated, it first looks for hard revocations. Because parsing a policy is expensive and a project's policy rarely changes, sq-git has an optimization to only check a policy if it hasn't checked it before. It does this by maintaining a set of policies...

AI score 5.4
Exploits: 0 | Affected Software: 1
EUVD
added 2026/04/20 3:34 a.m., 7 views

EUVD-2026-23742

A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument proto/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The...

CVSS 7.5 | AI score 6.9 | EPSS 0.00336
Exploits: 0 | References: 5
vulnersOsv
added 2026/04/20 3:34 a.m., 7 views

@brikcss/rollup-config-generator (>=0.0.15 <=0.0.16), @brikcss/stakcss (>=0.0.0 <=0.9.1) +9 more potentially affected by CVE-2026-6594 via @brikcss/merge (>=1.0.7 <=1.3.0)

@brikcss/merge NPM version =1.0.7, =0.0.15, =0.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.4, =0.0.1, =0.2.0, =0.10.0. Source CVEs: CVE-2026-6594. Source advisory: OSV:GHSA-3JC6-6R48-V6QF...

CVSS 7.5 | AI score 7 | EPSS 0.00336
Exploits: 0
OSV
added 2026/04/20 3:34 a.m., 2 views

GHSA-3JC6-6R48-V6QF Deep Merge is Vulnerable to Prototype Pollution Through Lack of Sanitization

A Prototype Pollution vulnerability was determined in brikcss merge up to 1.3.0. Executing a manipulation of the argument proto/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The vendor was...

CVSS 7.3 | AI score 6.9 | EPSS 0.00336
Exploits: 0 | References: 6
Github Security Blog
added 2026/04/20 3:34 a.m., 82 views

Deep Merge is Vulnerable to Prototype Pollution Through Lack of Sanitization

A Prototype Pollution vulnerability was determined in brikcss merge up to 1.3.0. Executing a manipulation of the argument proto/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The vendor was...

CVSS 7.5 | AI score 6.9 | EPSS 0.00336
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2026/04/20 2:16 a.m., 8 views

CVE-2026-6594

A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument proto/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The...

CVSS 7.5 | EPSS 0.00336
Exploits: 0 | References: 4
Cvelist
added 2026/04/20 1:45 a.m., 32 views

CVE-2026-6594 brikcss merge prototype pollution

A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument proto/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The...

CVSS 7.5 | EPSS 0.00336
Exploits: 0 | References: 4
Vulnrichment
added 2026/04/20 1:45 a.m., 3 views

CVE-2026-6594 brikcss merge prototype pollution

A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument proto/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The...

CVSS 7.5 | AI score 6.9 | EPSS 0.00336
Exploits: 0 | References: 4
CNNVD
added 2026/04/20 12:00 a.m., 9 views

merge security vulnerability

"merge" is a recursive object merging tool developed by brikcss. Versions of "merge" prior to 1.3.0 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of parameters like proto/constructor.prototype/prototype, which could lead to improper modification of objec...

CVSS 7.5 | AI score 7.1 | EPSS 0.00336
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/20 12:00 a.m., 6 views

PT-2026-33688

A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument proto/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The...

CVSS 7.5 | AI score 6.9 | EPSS 0.00336
Exploits: 0 | References: 5
CNNVD
added 2026/04/17 12:00 a.m., 9 views

graphql-go security vulnerability

graphql-go is a GraphQL server developed by Webonyx, focusing on ease of use. Versions of graphql-go prior to 15.31.5 contained security vulnerabilities. These vulnerabilities stemmed from the OverlappingFieldsCanBeMerged validation rule, which performed O(n²) comparisons for fields with the same...

CVSS 7.5 | AI score 5.8 | EPSS 0.00485
Exploits: 0 | References: 2
Snyk
added 2026/04/15 6:31 p.m., 17 views

Prototype Pollution

Overview: org.webjars.npm:protocol-buffers-schema is a no-nonsense protocol buffers schema parser written in JavaScript. Affected versions of this package are vulnerable to Prototype Pollution via the parse function. An attacker can modify object prototypes, potentially altering application logic,...

CVSS 6.9 | AI score 6.4 | EPSS 0.00534
Exploits: 0 | References: 2
OSV
added 2026/04/14 1:05 a.m., 3 views

GHSA-68JQ-C3RV-PCRR graphql-php is affected by a Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation

The OverlappingFieldsCanBeMerged validation rule exhibits quadratic time complexity when processing queries with many repeated fields sharing the same response name. An attacker can send a crafted query like hello hello hello ... with thousands of repeated fields, causing excessive CPU usage duri...

CVSS 7.5 | AI score 5.9 | EPSS 0.00485
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/14 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-2726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have...

CVSS 4.3 | AI score 5.9 | EPSS 0.00194
Exploits: 0 | References: 2
RedhatCVE
added 2026/04/09 7:23 p.m., 4 views

CVE-2026-39384

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take the limitusercustomervisibility parameter into account when merging customers. This vulnerability is fixed in 1.8.212...

CVSS 7.6 | AI score 5.9 | EPSS 0.00235
Exploits: 1 | References: 1