PT-2025-50969

Name of the Vulnerable Software and Affected Versions Vuetify versions 2.2.0-beta.2 through 3.0.0-alpha.10 Description The Preset configuration feature of Vuetify is susceptible to Prototype Pollution due to the 'mergeDeep' utility function used for merging options with defaults. A malicious pres...

CVE-2025-66456

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.0 through 1.4.16 contain a prototype pollution vulnerability in mergeDeep after merging results of two standard schema validations with the same key. Due to...

CVE-2025-66456 Elysia vulnerable to prototype pollution with multiple standalone schema validation

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.0 through 1.4.16 contain a prototype pollution vulnerability in mergeDeep after merging results of two standard schema validations with the same key. Due to...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview org.webjars.npm:ag-charts-community is an Advanced Charting / Charts supporting Javascript / Typescript / React / Angular / Vue Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the .mergeDeep function. ...