Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through improper handling of the Object.assign process in the dataset service. An attacker can gain unauthorized access to...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over resources belonging to other...

CVE-2026-42077 Evolver: Prototype Pollution via `Object.assign()` in mailbox store operations

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists...

CVE-2026-42077 Evolver: Prototype Pollution via `Object.assign()` in mailbox store operations

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists...

EUVD-2026-27012

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists...

Prototype Pollution

Overview @evomap/evolver is an A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol GEP for auditable, reusable evolution assets. Affected versions of this package are vulnerable to Prototype Pollution via the Object.assign process in...

EUVD-2025-15378

Malicious code in bioql PyPI...

PT-2025-26840 · Onetrust · Onetrust Sdk

Name of the Vulnerable Software and Affected Versions: OneTrust SDK version 6.33.0 Description: The issue allows a local attacker to cause a denial of service via the Object.setPrototypeOf, proto , and Object.assign components. Recommendations: For OneTrust SDK version 6.33.0, consider disabling...

CVE-2025-4727

A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...

Meteor Affected By Inefficient Regular Expression Complexity

A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...

GHSA-J3V9-6GC7-VF5F Meteor Affected By Inefficient Regular Expression Complexity

A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...

CVE-2025-4727

A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...

CVE-2025-4727 Meteor livedata_server.js Object.assign redos

A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...

CVE-2025-4727 Meteor livedata_server.js Object.assign redos

A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...

CVE-2025-4727

Summary: CVE-2025-4727 affects Meteor up to 3.2.1, involving the Object.assign handling in packages/ddp-server/livedata_server.js where forwardedFor manipulation enables inefficient regex complexity (ReDoS). The issue may be remotely exploitable and requires high attack complexity. Public exploit...

Meteor 安全漏洞

Meteor is a JavaScript application platform open-sourced by Meteor. A security vulnerability exists in Meteor 3.2.1 and earlier versions, which stems from an insufficient regular expression complexity due to an incorrect operation of the function Object.assign on the parameter forwardedFor in the...

PT-2025-21583 · Meteor · Meteor

Name of the Vulnerable Software and Affected Versions: Meteor versions up to 3.2.1 Description: A vulnerability was found in the function Object.assign of the file packages/ddp-server/livedata server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression...