CVE-2026-15699
The CVE-2026-15699 entry concerns a prototype pollution vulnerability in spencermountain compromise (≤ 14.15.1) affecting the Public Root API. Specifically, the function nlp.extend in src/API/extend.js can be exploited by manipulating the plugin argument, leading to improper modification of objec...