367 matches found
spmrc 安全漏洞
spmrc is an open source spmrc management library from Static Package Manager. A security vulnerability exists in spmrc 1.2.0 and earlier versions, which stems from prototype contamination of the set and config functions, which allows an attacker to inject attributes via a specially crafted payloa...
magix-combine 安全漏洞
magix-combine is a js library from thx open source. A security vulnerability exists in magix-combine 1.2.10 and earlier versions, which stems from prototype contamination in the util-deps.addFileDepend function, which could lead to a denial-of-service attack...
Rollbar.js 安全漏洞
Rollbar.js is an open source from bug tracking and logging library by Rollbar. A security vulnerability exists in Rollbar.js version 2.26.4 and earlier, which stems from a prototype contamination in the utility.set function that could lead to a denial of service attack...
DeepDiff 安全漏洞
DeepDiff is a Python library by the individual developer Sep Dehpour. A security vulnerability exists in DeepDiff 8.6.0 and earlier versions, which stems from Delta class prototype contamination and could lead to denial of service and remote code execution...
Slient-URL-Exploit
URL Exploit Hidden Downloader URL contamination and muted Jav...
Svelte 安全漏洞
Svelte is a new way to build web applications open-sourced by Svelte. A security vulnerability exists in versions of Svelte prior to 5.3.2 that stems from not properly checking input object properties, which could lead to prototype contamination...
MAL-2025-15538 Malicious code in bbos (npm)
The package bbos was found to contain malicious code...
Deno Standard Library 安全漏洞
Deno Standard Library std is a Deno Standard Library open source by Deno. A security vulnerability exists in Deno Standard Library versions prior to 1.0.9, which stems from a potential prototype contamination when parsing untrusted TOML data...
Content Security Policy parser 安全漏洞
Content Security Policy parser is a Helmet open source for parsing content security policy directives. A security vulnerability exists in Content Security Policy parser version 0.5.0 and earlier, which stems from prototype contamination and could lead to object prototypes being overwritten...
js-toml 安全漏洞
js-toml is a TOML parser for JavaScript by Sunny Personal Developer. A security vulnerability exists in versions of js-toml prior to 1.0.2, which stems from a prototype contamination vulnerability that could lead to modification of the global Object.prototype property...
SandboxJS 安全漏洞
SandboxJS is a security assessment software by nyariv individual developers. A security vulnerability exists in SandboxJS version 0.8.23 and earlier, which stems from prototype contamination and could result in a denial of service or escape from the sandbox environment...
Linkify 安全漏洞
Linkify is an open source plugin for Linkify. A security vulnerability exists in Linkify versions prior to 4.3.1 through 4.3.2 that stems from prototype contamination and is vulnerable to cross-site scripting attacks...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an over-warning by the ath6kl wifi driver of incorrect firmware inputs, which could lead to syslog...
Next.js 安全漏洞
Next.js is a React framework open-sourced by Vercel. A security vulnerability exists in versions of Next.js prior to 15.0.4-canary.51 through 15.1.8, which stems from a cache contamination vulnerability that could lead to a denial of service...
Next.js 环境问题漏洞
Next.js is a React framework open-sourced by Vercel. An environment issue vulnerability exists in Next.js versions prior to 15.3.0 through 15.3.3 and Vercel CLI versions 41.4.1 through 42.2.0, which stems from a cache contamination vulnerability that could result in the return of incorrect conten...
The New Frontline: Why DevOps Became a Cyber Target
Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all on CAASM & CDMB Inefficiencies! Your developers didn't become...
SALAD: Systematic Assessment of Machine Unlearing on LLM-Aided Hardware Design
Large Language Models LLMs offer transformative capabilities for hardware design automation, particularly in Verilog code generation. However, they also pose significant data security challenges, including Verilog evaluation data contamination, intellectual property IP design leakage, and the ris...
STAMP Your Content: Proving Dataset Membership Via Watermarked Rephrasings
Given how large parts of publicly available text are crawled to pretrain large language models LLMs, data creators increasingly worry about the inclusion of their proprietary data for model training without attribution or licensing. Their concerns are also shared by benchmark curators whose...
billboard.js 安全漏洞
billboard.js is a reusable, simple interface JavaScript charting library based on D3.js open-sourced by NAVER. A security vulnerability exists in billboard.js versions prior to 3.15.1, which stems from prototype contamination in the generate function and could lead to the execution of arbitrary...
Radashi 安全漏洞
Radashi is a modern, community-first TypeScript toolkit open-sourced by Radashi. A security vulnerability exists in Radashi versions prior to 12.5.1 that stems from the set function being vulnerable to prototype contamination attacks...