1070 matches found
CVE-2025-57330
The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...
GHSA-HHF6-3XPG-PGGX web3-core-subscriptions has a Prototype Pollution vulnerability
The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...
003-gas-convert (=1.0.1), 0x-hunter-core (>=1.0.0 <=1.0.1-5) +6603 more potentially affected by CVE-2025-57330 via web3-core-subscriptions (>=1.0.0-beta.27 <=2.0.0-alpha)
web3-core-subscriptions NPM version =1.0.0-beta.27, =1.0.0, =0.0.3, =0.0.3, =0.0.31, =1.1.0, =0.9.9, =0.1.0, =0.1.1 - 55tools-block =1.0.0 - 55tools-block-ext =1.0.0 - 84447xe5t8 =1.0.0 and more Source cves: CVE-2025-57330 Source advisory: OSV:GHSA-HHF6-3XPG-PGGX...
web3-core-subscriptions has a Prototype Pollution vulnerability
The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...
CVE-2025-57330
The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...
CVE-2025-57330
The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...
CVE-2025-57963
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zoho Subscriptions Zoho Billing zoho-subscriptions allows DOM-Based XSS.This issue affects Zoho Billing: from n/a through = 4.1...
PT-2025-39329
Name of the Vulnerable Software and Affected Versions web3-core-subscriptions versions 1.10.4 and earlier Description The web3-core-subscriptions package, designed for managing web3 subscriptions, contains a flaw in the attachToObject function. This issue allows for Prototype Pollution by enablin...
CVE-2025-57330
The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...
CVE-2025-57330
The CVE-2025-57330 entry describes a Prototype Pollution in web3-core-subscriptions (attachToObject) affecting version 1.10.4 and earlier. The vulnerability allows an attacker to inject properties into Object.prototype via a crafted payload, with the documented minimum impact being Denial of Serv...
CVE-2025-57330
The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...
CVE-2025-57963
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zoho Subscriptions Zoho Billing zoho-subscriptions allows DOM-Based XSS.This issue affects Zoho Billing: from n/a through = 4.1...
SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions
LIVE SELECT statements are used to capture changes to data within a table in real time. Documents included in WHERE conditions and DELETE notifications were not properly reduced to respect the querying user's security context. Instead the leaked documents reflect the context of the user triggerin...
GHSA-7VM2-J586-VCVC SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions
LIVE SELECT statements are used to capture changes to data within a table in real time. Documents included in WHERE conditions and DELETE notifications were not properly reduced to respect the querying user's security context. Instead the leaked documents reflect the context of the user triggerin...
PT-2025-39636
Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description A flaw exists in the live query subscription mechanism of the database engine. This allows record or guest users to observe unauthorized records within the same table, bypassing access controls. This is achiev...
Linux Distros Unpatched Vulnerability : CVE-2021-36400
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. CVE-2021-36400 Note that Nessus relies on the...
Metabase 0.43.x < 0.43.7.1 / 0.44.x < 0.44.6.1 / 0.45.x < 0.45.2.1 / 1.43.x < 1.43.7.1 / 1.44.x < 1.44.6.1 / 1.45.x < 1.45.2.1
The version of Metabase installed on the remote host is affected by multiple vulnerabilities: - An information disclosure exposure of sensitive information to an Unauthorized Actor. Sandboxed users shouldn't be able to view data about other Metabase users anywhere in the Metabase application...
graphql-playground
This repository is an offensive tool for GraphQL. It is a GraphQL IDE for better development workflows, featuring context-aware autocompletion and error highlighting, interactive, multi-column docs, and support for real-time GraphQL Subscriptions. The tool is vulnerable to an XSS Reflection attac...
CVE-2025-58600
Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through = 2.15.9...
CVE-2025-58600
Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through = 2.15.9...