
6 matches found

OSV
added 2026/03/17 8:58 p.m., 2 views

GO-2026-4526 Infinite loop in github.com/antchfx/xpath

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...

CVSS 7.5, AI score 5.8, EPSS 0.00037
Exploits: 1, References: 3
IBM Security Bulletins
added 2025/12/15 3:26 p.m., 9 views

Security Bulletin: Rational Performance Tester contains a vulnerability which could result in a denial of service

Summary: Due to the use of the json-path library, Rational Performance Tester contains a vulnerability which could result in a potential denial of service attack. Vulnerability Details: CVEID: CVE-2023-51074. DESCRIPTION: json-path v2.8.0 was discovered to contain a stack overflow via the...

CVSS 5.3, AI score 6.6, EPSS 0.00116
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2025/04/08 7:36 a.m., 13 views

Security Bulletin: There is a vulnerability in the object-path library affecting IBM watsonx Code Assistant IDE Extensions

Summary: There is a vulnerability in the object-path library affecting IBM watsonx Code Assistant IDE Extensions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2021-23434. DESCRIPTION: Node.js object-path module could allow a remote attack...

CVSS 9.8, AI score 8.2, EPSS 0.0065
Exploits: 2, Affected Software: 1
OSV
added 2025/03/28 9:30 p.m., 0 views

GHSA-4H4X-4M75-47J4 depath and cool-path vulnerable to Prototype Pollution via `set()` Method

janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set method at setIn (lib/index.js:90). This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...

CVSS 9.3, AI score 6.2, EPSS 0.00387
Exploits: 1, References: 4
OSV
added 2025/03/28 9:15 p.m., 0 views

CVE-2024-38985

janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set method at setIn (lib/index.js:90). This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...

CVSS 9.8, AI score 6.1
Exploits: 0, References: 2
Snyk
added 2020/09/23 12:24 p.m., 5 views

Prototype Pollution

Overview: doc-path is a document path library for Node. Affected versions of this package are vulnerable to Prototype Pollution. PoC (javascript): `const path = require('doc-path'); let obj = {}; console.log("Before : " + obj.polluted); path.setPath({}, '__proto__.polluted', "yes"); console.log("After : " +...`

CVSS 10, AI score 8.8, EPSS 0.00781
Exploits: 1, References: 2