37 matches found
CVE-2025-52998
Chamilo is a learning management system. Prior to version 1.11.30, the application deserializes data that can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, and thus modify the logic of the web application's...
CVE-2026-24140 MyTube has Mass Assignment via Settings Management
MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...
EUVD-2019-0337
Malware in sbrugna...
EUVD-2020-0554
Malware in sbrugna...
EUVD-2023-43867
Malicious code in bioql PyPI...
Prototype Pollution
Overview: counterpart is a translation and localization library for Node.js and the browser. Affected versions of this package are vulnerable to Prototype Pollution in the translate process. An attacker can inject arbitrary properties into the JavaScript Object prototype by supplying specially...
CVE-2025-57351
The CVE-2025-57351 entry concerns the ts-fns npm package, affected in versions prior to 13.0.7. The root cause is insufficient validation of user-provided keys in the assign function, enabling prototype pollution by manipulating the Object.prototype chain. This can inject arbitrary properties int...
Prototype Pollution
@amoy/common is vulnerable to prototype pollution. The vulnerability is due to the setValue function, potentially allowing attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties...
Open redirect
An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is...
Prototype Pollution
tree-kit is vulnerable to Prototype Pollution. The vulnerability occurs because the extend function, when the unflat option is set, can be used to add arbitrary properties to an object, including properties that are not defined in the object's prototype, which allows an attacker to execute arbitrar...
GitHub Enterprise Server cross-site scripting vulnerability
GitHub Enterprise Server is an open source application from GitHub. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A cross-site scripting vulnerability exists in GitHub Enterprise Server versions prior to 3.6, whi...
Prototype Pollution
js-data is vulnerable to prototype pollution. The vulnerability exists due to an incomplete fix of CVE-2020-28442. A remote attacker is able to inject arbitrary properties into existing construct prototypes and modify attributes via the deepFillIn and the set functions, resulting in prototype...
Prototype Pollution
jsonpointer is vulnerable to prototype pollution. An attacker is able to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...
Prototype Pollution
@cookiex/deep is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype via the assigner function...
Prototype Pollution
object-path is vulnerable to Prototype Pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype via the del function...
Prototype Pollution
supermixer is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype in the iteratee function...
Prototype Pollution
set-getter is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...
Prototype Pollution
deep-defaults is vulnerable to prototype pollution. The vulnerability exists as it is possible to overwrite Object.prototype with arbitrary object properties in the deepDefaults function...
CVE-2021-24238
The Realteo WordPress plugin (pre-1.2.4), used by the Findeo Theme, is vulnerable due to a missing ownership check when deleting a property. An authenticated user can tamper with the property_id parameter to delete properties belonging to others, enabling an IDOR-like impact. The issue is tied to...