Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

40 matches found

RedhatCVE
RedhatCVEadded 2026/01/09 9:58 a.m.4 views

CVE-2020-7638

confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a 'proto' payload...

5.3CVSS6.7AI score0.00347EPSS
Exploits1References1
Snyk
Snykadded 2025/11/13 4:42 p.m.1 views

Prototype Pollution

Overview org.webjars.bowergithub.nodeca:js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Prototype Pollution via the merge function. An attacker can alter object prototypes by supplying specially crafted YAML documents containing proto...

6.9CVSS7.3AI score0.00025EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2022-6228

Malicious code in bioql PyPI...

7.8CVSS7.7AI score0.0005EPSS
Exploits1References4
Veracode
Veracodeadded 2022/10/10 6:55 p.m.21 views

Prototype Pollution

chromium,bullseye and chromium,sid is vulnerable to prototype pollution. The vulnerability exists in the handler function which could be tricked into adding or modifying properties of Object.prototype using a proto payload...

6.5CVSS7.2AI score0.00168EPSS
Exploits1References3Affected Software1
RedHat Linux
RedHat Linuxadded 2022/08/03 6:1 p.m.0 views

minimist: prototype pollution

An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw CVE-2021-44906 allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using ...

9.8CVSS6.8AI score0.00789EPSS
Exploits1References5
NVD
NVDadded 2022/07/17 9:15 a.m.17 views

CVE-2020-7641

This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a proto payload...

7.8CVSS0.0005EPSS
Exploits1References2
CVE
CVEadded 2022/07/17 8:40 a.m.39 views

CVE-2020-7641

CVE-2020-7641 affects the npm package grunt-util-property (all versions). The vulnerability is prototype pollution: the function call could be tricked into adding or modifying properties of Object.prototype using a proto payload, enabling an attacker to modify base object behavior. Public descrip...

7.8CVSS5.7AI score0.0005EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2022/07/17 8:40 a.m.22 views

CVE-2020-7641 Prototype Pollution

This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a proto payload...

4CVSS7.6AI score0.0005EPSS
Exploits1References2
NVD
NVDadded 2021/07/21 4:15 p.m.8 views

CVE-2021-23408

This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or proto payload...

5.4CVSS0.00254EPSS
Exploits1References4
Prion
Prionadded 2021/07/21 4:15 p.m.13 views

Design/Logic Flaw

This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or proto payload...

4.3CVSS4.7AI score0.00254EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKBadded 2021/06/15 1:8 p.m.0 views

CVE-2021-23395

This affects all versions of package nedb. The library could be tricked into adding or modifying properties of Object.prototype using a proto or constructor.prototype payload...

7.3CVSS5.3AI score0.00224EPSS
Exploits1References2
Snyk
Snykadded 2021/06/15 8:29 a.m.2 views

Prototype Pollution

Overview nedb is an embedded persistent or in memory database for Node.js, nw.js, Electron and browsers, 100% JavaScript, no binary dependency. Affected versions of this package are vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of...

7.3CVSS7.2AI score0.00224EPSS
Exploits1References2
Github Security Blog
Github Security Blogadded 2021/04/13 3:24 p.m.39 views

Injection in bodymen

bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a proto payload...

6.5CVSS2.3AI score0.0034EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linuxadded 2020/07/07 9:14 a.m.2 views

nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload

A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a "constructor" or "proto" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

6.8CVSS7.3AI score0.00189EPSS
Exploits2References5
NVD
NVDadded 2020/04/28 7:15 p.m.9 views

CVE-2020-7644

fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a 'proto' payload...

8.1CVSS8AI score0.00506EPSS
Exploits1References2
Prion
Prionadded 2020/04/28 7:15 p.m.12 views

Design/Logic Flaw

fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a 'proto' payload...

6.8CVSS7.9AI score0.00506EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blogadded 2020/04/07 3:52 p.m.71 views

confinit vulnerable to prototype pollution

confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a 'proto' payload...

5.3CVSS2.7AI score0.00347EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blogadded 2020/04/07 3:47 p.m.110 views

Prototype pollution in class-transformer

class-transformer through 0.2.3 is vulnerable to Prototype Pollution. The 'classToPlainFromExist' function could be tricked into adding or modifying properties of 'Object.prototype' using a 'proto' payload...

5.3CVSS3.2AI score0.00318EPSS
Exploits1References5Affected Software1
Veracode
Veracodeadded 2020/04/07 9:14 a.m.10 views

Prototype Pollution

confinit is vulnerable to prototype pollution. The vulnerability exists because the function setDeepProperty allows the manipulation of properties of Object.prototype as it accepts the proto payload...

5.3CVSS2.8AI score0.00347EPSS
Exploits1References1Affected Software1
Veracode
Veracodeadded 2020/04/07 9:4 a.m.11 views

Prototype Pollution

confinit is vulnerable Prototype Pollution. The vulnerability exists because the function setDeepProperty allows the manipulation of properties of Object.prototype as it accepts proto payload...

8.1AI score
Exploits0
Rows per page
Query Builder