CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в dojo

All versions of the dojo package are vulnerable to Prototype Pollution through the setObject function...

9.8CVSS6.8AI score0.01995EPSS

Exploits1References2

IBM Security Bulletins•added 2026/04/21 7:28 a.m.•4 views

Security Bulletin: IBM Storage Protect Operations Center is affected by vulnerabilities in the dojo-profile library that could allow prototype pollution or improper handling of crafted PNG inputs (CVE-2021-23450, CVE-2008-6681, CVE-2010-2273).

Summary IBM Storage Protect Operations Center uses the dojo-profile library in certain components. Vulnerabilities in this library may allow prototype pollution or improper handling of specially crafted PNG files, which could lead to memory corruption or denial-of-service conditions in applicatio...

9.8CVSS6.8AI score0.43247EPSS

Exploits3Affected Software1

vulnersOsv•added 2026/04/01 11:51 p.m.•2 views

@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), express_mvc (>=4.1.1 <=4.3.10) +7 more potentially affected by CVE-2026-4800 via lodash-amd (>=4.16.4 <=4.17.23)

lodash-amd NPM version =4.16.4, =0.1.0, =4.1.1, =3.4.0, =0.0.1, =1.0.14, =0.0.7, =0.0.1, =0.1.5 - xirtam--matrix-operations =0.1.3 Source cves: CVE-2026-4800 Source advisory: OSV:GHSA-R5FR-RJXR-66JC...

9.8CVSS6.2AI score0.00044EPSS

vulnersOsv•added 2026/03/31 11:2 p.m.•2 views

@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), express_mvc (>=4.1.1 <=4.3.10) +7 more potentially affected by CVE-2025-13465 +1 more via lodash-amd (>=4.16.4 <=4.17.23)

lodash-amd NPM version =4.16.4, =0.1.0, =4.1.1, =3.4.0, =0.0.1, =1.0.14, =0.0.7, =0.0.1, =0.1.5 - xirtam--matrix-operations =0.1.3 Source cves: CVE-2025-13465, CVE-2026-2950 Source advisory: SNYK:JS-LODASHAMD-15869622...

7.9CVSS6.4AI score0.00028EPSS

vulnersOsv•added 2026/03/31 11:2 p.m.•3 views

@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), express_mvc (>=4.1.1 <=4.3.10) +7 more potentially affected by CVE-2021-23337 +1 more via lodash-amd (>=4.16.4 <=4.17.23)

lodash-amd NPM version =4.16.4, =0.1.0, =4.1.1, =3.4.0, =0.0.1, =1.0.14, =0.0.7, =0.0.1, =0.1.5 - xirtam--matrix-operations =0.1.3 Source cves: CVE-2021-23337, CVE-2026-4800 Source advisory: SNYK:JS-LODASHAMD-15869626...

9.8CVSS6.8AI score0.04314EPSS

Exploits2

Packet Storm News•added 2026/02/04 12:0 a.m.•3 views

Bypassing AI Control Protocols Via Agent-As-A-Proxy Attacks

As AI agents automate critical workloads, they remain vulnerable to indirect prompt injection IPI attacks. Current defenses rely on monitoring protocols that jointly evaluate an agent's Chain-of-Thought CoT and tool-use actions to ensure alignment with user intent. We demonstrate that these...

5.5AI score

RedhatCVE•added 2026/01/31 3:19 a.m.•5 views

CVE-2026-25117

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

NVD•added 2026/01/29 10:15 p.m.•3 views

Exploits0References1

CVE-2026-25117

8.3CVSS0.00087EPSS

ATTACKERKB•added 2026/01/29 9:53 p.m.•4 views

CVE-2026-25117

Vulnrichment•added 2026/01/29 9:53 p.m.•2 views

Exploits0References3

CVE-2026-25117 pwn.college DOJO vulnerable to sandbox escape leading to arbitrary javascript execution

8.3CVSS5.8AI score0.00087EPSS

CVE•added 2026/01/29 9:53 p.m.•6 views

CVE-2026-25117

CVE-2026-25117 concerns pwn.college DOJO, an education platform. Before commit e33da14449a5abcff507e554f66e2141d6683b0a, sandboxing was missing on routes starting with /workspace/*, allowing a challenge author to inject arbitrary JavaScript that runs in the same origin as the DOJO site. This cons...

EUVD•added 2026/01/29 9:53 p.m.•2 views

EUVD-2026-4941

OSV•added 2026/01/29 9:53 p.m.•3 views

CVE-2026-25117 pwn.college DOJO vulnerable to sandbox escape leading to arbitrary javascript execution

Cvelist•added 2026/01/29 9:53 p.m.•18 views

Exploits0References4

CVE-2026-25117 pwn.college DOJO vulnerable to sandbox escape leading to arbitrary javascript execution

8.3CVSS0.00087EPSS