Lucene search
+L

367 matches found

CNNVD
CNNVD
added 2025/09/24 12:0 a.m.4 views

spmrc 安全漏洞

spmrc is an open source spmrc management library from Static Package Manager. A security vulnerability exists in spmrc 1.2.0 and earlier versions, which stems from prototype contamination of the set and config functions, which allows an attacker to inject attributes via a specially crafted payloa...

7.5CVSS6.3AI score0.00365EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/24 12:0 a.m.4 views

magix-combine 安全漏洞

magix-combine is a js library from thx open source. A security vulnerability exists in magix-combine 1.2.10 and earlier versions, which stems from prototype contamination in the util-deps.addFileDepend function, which could lead to a denial-of-service attack...

9.8CVSS6.4AI score0.00404EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/24 12:0 a.m.7 views

Rollbar.js 安全漏洞

Rollbar.js is an open source from bug tracking and logging library by Rollbar. A security vulnerability exists in Rollbar.js version 2.26.4 and earlier, which stems from a prototype contamination in the utility.set function that could lead to a denial of service attack...

7.5CVSS6.3AI score0.00365EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/05 12:0 a.m.6 views

DeepDiff 安全漏洞

DeepDiff is a Python library by the individual developer Sep Dehpour. A security vulnerability exists in DeepDiff 8.6.0 and earlier versions, which stems from Delta class prototype contamination and could lead to denial of service and remote code execution...

10CVSS7.4AI score0.01056EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2025/08/30 7:51 a.m.174 views

Slient-URL-Exploit

URL Exploit Hidden Downloader URL contamination and muted Jav...

7.7AI score
Exploits0
CNNVD
CNNVD
added 2025/08/26 12:0 a.m.4 views

Svelte 安全漏洞

Svelte is a new way to build web applications open-sourced by Svelte. A security vulnerability exists in versions of Svelte prior to 5.3.2 that stems from not properly checking input object properties, which could lead to prototype contamination...

7.9CVSS6.3AI score0.00345EPSS
Exploits0References3
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-15538 Malicious code in bbos (npm)

The package bbos was found to contain malicious code...

7.2AI score
Exploits0
CNNVD
CNNVD
added 2025/08/14 12:0 a.m.5 views

Deno Standard Library 安全漏洞

Deno Standard Library std is a Deno Standard Library open source by Deno. A security vulnerability exists in Deno Standard Library versions prior to 1.0.9, which stems from a potential prototype contamination when parsing untrusted TOML data...

7.3CVSS6.7AI score0.0033EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/12 12:0 a.m.4 views

Content Security Policy parser 安全漏洞

Content Security Policy parser is a Helmet open source for parsing content security policy directives. A security vulnerability exists in Content Security Policy parser version 0.5.0 and earlier, which stems from prototype contamination and could lead to object prototypes being overwritten...

8.8CVSS6.4AI score0.00424EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/08/05 12:0 a.m.7 views

js-toml 安全漏洞

js-toml is a TOML parser for JavaScript by Sunny Personal Developer. A security vulnerability exists in versions of js-toml prior to 1.0.2, which stems from a prototype contamination vulnerability that could lead to modification of the global Object.prototype property...

7.9CVSS6.4AI score0.00496EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/07/31 12:0 a.m.6 views

SandboxJS 安全漏洞

SandboxJS is a security assessment software by nyariv individual developers. A security vulnerability exists in SandboxJS version 0.8.23 and earlier, which stems from prototype contamination and could result in a denial of service or escape from the sandbox environment...

7CVSS6.5AI score0.00203EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/25 12:0 a.m.4 views

Linkify 安全漏洞

Linkify is an open source plugin for Linkify. A security vulnerability exists in Linkify versions prior to 4.3.1 through 4.3.2 that stems from prototype contamination and is vulnerable to cross-site scripting attacks...

8.8CVSS5.8AI score0.00501EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/25 12:0 a.m.5 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an over-warning by the ath6kl wifi driver of incorrect firmware inputs, which could lead to syslog...

5.5CVSS6.9AI score0.00172EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/07/03 12:0 a.m.8 views

Next.js 安全漏洞

Next.js is a React framework open-sourced by Vercel. A security vulnerability exists in versions of Next.js prior to 15.0.4-canary.51 through 15.1.8, which stems from a cache contamination vulnerability that could lead to a denial of service...

7.5CVSS8AI score0.008EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/07/03 12:0 a.m.6 views

Next.js 环境问题漏洞

Next.js is a React framework open-sourced by Vercel. An environment issue vulnerability exists in Next.js versions prior to 15.3.0 through 15.3.3 and Vercel CLI versions 41.4.1 through 42.2.0, which stems from a cache contamination vulnerability that could result in the return of incorrect conten...

3.7CVSS7.3AI score0.00403EPSS
Exploits1References6
hivepro
hivepro
added 2025/06/19 2:0 p.m.3 views

The New Frontline: Why DevOps Became a Cyber Target

Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all on CAASM & CDMB Inefficiencies! Your developers didn't become...

7.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/11 12:0 a.m.8 views

SALAD: Systematic Assessment of Machine Unlearing on LLM-Aided Hardware Design

Large Language Models LLMs offer transformative capabilities for hardware design automation, particularly in Verilog code generation. However, they also pose significant data security challenges, including Verilog evaluation data contamination, intellectual property IP design leakage, and the ris...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/08 12:0 a.m.4 views

STAMP Your Content: Proving Dataset Membership Via Watermarked Rephrasings

Given how large parts of publicly available text are crawled to pretrain large language models LLMs, data creators increasingly worry about the inclusion of their proprietary data for model training without attribution or licensing. Their concerns are also shared by benchmark curators whose...

6.9AI score
Exploits0
CNNVD
CNNVD
added 2025/06/04 12:0 a.m.5 views

billboard.js 安全漏洞

billboard.js is a reusable, simple interface JavaScript charting library based on D3.js open-sourced by NAVER. A security vulnerability exists in billboard.js versions prior to 3.15.1, which stems from prototype contamination in the generate function and could lead to the execution of arbitrary...

9.8CVSS7AI score0.00725EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/27 12:0 a.m.7 views

Radashi 安全漏洞

Radashi is a modern, community-first TypeScript toolkit open-sourced by Radashi. A security vulnerability exists in Radashi versions prior to 12.5.1 that stems from the set function being vulnerable to prototype contamination attacks...

8.8CVSS6.4AI score0.00557EPSS
Exploits0References3
Rows per page
Query Builder