Lucene search
K

676 matches found

EUVD
EUVD
added 2026/04/01 11:50 p.m.4 views

EUVD-2026-17591

lodash vulnerable to Prototype Pollution via array path bypass in .unset and .omit...

6.5CVSS5.9AI score0.00317EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/31 11:2 p.m.3 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete properties from built-in prototypes by supplying array-wrapped path segments, potentially impacting application behaviour. Notes: 1 Version 4.18.0 was intend...

7.9CVSS6.4AI score0.01535EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 11:2 p.m.7 views

Prototype Pollution

Overview lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete properties from built-in prototypes by supplying array-wrapped pa...

7.9CVSS6.4AI score0.01535EPSS
Exploits0References2
NVD
NVD
added 2026/03/31 8:16 p.m.19 views

CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS0.00317EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 8:16 p.m.5 views

UBUNTU-CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS5.8AI score0.00317EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/31 7:18 p.m.6 views

CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

7.9CVSS5.9AI score0.01535EPSS
Exploits0References2Affected Software4
CVE
CVE
added 2026/03/31 7:18 p.m.56 views

CVE-2026-2950

CVE-2026-2950 affects lodash ≤ 4.17.23, enabling prototype pollution via array-wrapped path segments in _.unset and _.omit. The attack can delete properties from built-in prototypes (Object.prototype, Number.prototype, String.prototype) without overwriting behavior. The issue is patched in lodash...

6.5CVSS6.5AI score0.00317EPSS
Exploits0References1Affected Software4
ATTACKERKB
ATTACKERKB
added 2026/03/31 6:40 p.m.1 views

CVE-2026-3356

The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a...

9.3CVSS5.9AI score0.00387EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.9 views

lodash 安全漏洞

lodash is an open-source JavaScript utility library developed by Lodash Utilities. Lodash versions 4.17.23 and earlier contained security vulnerabilities. These vulnerabilities stemmed from prototype pollution in the .unset and .omit functions, which could lead to the deletion of properties that...

6.5CVSS6.5AI score0.00317EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/26 6:4 p.m.8 views

LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write

Summary A vulnerability has been identified that allows an authenticated administrator to execute arbitrary code on the host server. By modifying the binary path settings for built-in network tools and bypassing an input filter, an attacker with administrative privileges can download and execute...

8.5CVSS6.3AI score0.07533EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/24 7:16 p.m.9 views

UBUNTU-CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

7.1CVSS5.8AI score0.00154EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.29 views

PT-2026-27473

Name of the Vulnerable Software and Affected Versions Zabbix versions prior to 7.4 Description A design flaw in Zabbix Server/Proxy related to JavaScript Duktape context reuse can result in data leakage. Specifically, a regular Zabbix administrator may unintentionally expose data for hosts they a...

7.1CVSS5.7AI score0.00154EPSS
Exploits0References16
OSV
OSV
added 2026/03/20 11:37 a.m.3 views

BIT-PARSE-2026-32878 Parse Server vulnerable to schema poisoning via prototype pollution in deep copy

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.44, an attacker can bypass the default request keyword denylist protection and the class-level permission for adding fields by sending a crafted request that exploits...

7.5CVSS5.8AI score0.00345EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/20 7:48 a.m.4 views

CVE-2026-33022 Tekton Pipelines: Controller can panic when setting long resolver names in TaskRun/PipelineRun

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that allows any user who can create a TaskRun or...

6.5CVSS5.8AI score0.00368EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 4:16 a.m.8 views

ALPINE-CVE-2026-32945

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflowvulnerability in the DNS parser's name length handler. Thisimpacts applications using PJSIP's built-in DNS resolver, such as those configured with...

9.8CVSS5.5AI score0.00308EPSS
Exploits1References1
CVE
CVE
added 2026/03/20 3:54 a.m.16 views

CVE-2026-32945

CVE-2026-32945 affects PJSIP 2.16 and earlier; the DNS parser’s name-length handling in pjlib-util (get_name_len/get_name) allows a heap-based buffer overflow via a crafted DNS response, enabling remote DoS. The issue is fixed in PJSIP 2.17. Mitigations/workarounds: upgrade to 2.17, or avoid DNS ...

9.8CVSS5.8AI score0.00308EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 3:54 a.m.3 views

CVE-2026-32945 PJSIP is vulnerable to Heap-based Buffer Overflow through DNS parser

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflowvulnerability in the DNS parser's name length handler. Thisimpacts applications using PJSIP's built-in DNS resolver, such as those configured with...

8.4CVSS5.8AI score0.00308EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/03/20 3:54 a.m.5 views

CVE-2026-32945

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflowvulnerability in the DNS parser's name length handler. Thisimpacts applications using PJSIP's built-in DNS resolver, such as those configured with...

9.8CVSS5.5AI score0.00308EPSS
Exploits1
Debian CVE
Debian CVE
added 2026/03/20 3:54 a.m.5 views

CVE-2026-32945

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflowvulnerability in the DNS parser's name length handler. Thisimpacts applications using PJSIP's built-in DNS resolver, such as those configured with...

9.8CVSS5.4AI score0.00308EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.5 views

PT-2026-26552

Name of the Vulnerable Software and Affected Versions PJSIP versions 2.16 and below Description PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a Heap-based Buffer Overflow in the DNS parser's name length handler. This impacts...

9.8CVSS5.8AI score0.00308EPSS
Exploits1References8
Rows per page
Query Builder