14 matches found
toggle-array vulnerable to prototype pollution
toggle-array is a package designed to enable a property on the object at the specified index, while disabling the property on all other objects. A Prototype Pollution vulnerability in the enable and disable functions of toggle-array v1.0.1 and before allows attackers to inject properties on...
toggle-array security vulnerability
toggle-array is a JavaScript library by the individual developer Jon Schlinkert. A security vulnerability exists in toggle-array 1.0.1 and earlier versions, which stems from prototype pollution in the enable and disable functions and could lead to a denial of service attack...
PT-2025-19724 · NetGear · Netgear Rax5
Name of the Vulnerable Software and Affected Versions: NETGEAR RAX5 version 1.0.2.26 Description: A command injection issue was discovered in the NETGEAR RAX5 AX1600 WiFi Router via the iface parameter in the vif enable function. This allows for potential exploitation. Recommendations: For versio...
CVE-2022-1155
Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10...
PT-2025-3417 · Linksys · Linksys E7350
Name of the Vulnerable Software and Affected Versions: Linksys E7350 version 1.1.00.032 Description: A command injection issue was discovered via the iface parameter in the vif enable function. This allows for potential exploitation. Recommendations: For Linksys E7350 version 1.1.00.032, as a...
PT-2024-10150 · Mullvad · Mullvad Vpn Client
Name of the Vulnerable Software and Affected Versions: Mullvad VPN client versions 2024.6 Desktop through 2024.8 iOS Mullvad VPN client version 2024.8-beta1 Android Description: The exception-handling alternate stack in the Mullvad VPN client can be exhausted, leading to heap-based out-of-bounds...
CVE-2024-37626
A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vifenable function...
TOTOLINK A6000R security vulnerability
TOTOLINK A6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A6000R suffers from a code execution vulnerability that originates from allowing a remote attacker to execute arbitrary code via the iface parameter in the vifenable function. No details of the vulnerability...
CVE-2024-37626
A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vifenable function...
PT-2023-30822 · Ppcfw · Ppcfw
Name of the Vulnerable Software and Affected Versions: ppcfw affected versions not specified Description: The issue is related to a missing permission check in the ppcfw enable function of ppcfw.c, which could lead to a local escalation of privilege with no additional execution privileges needed...
GHSA-GMWP-3PWC-3J3G mockery is vulnerable to prototype pollution
Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf via the key variable in mockery.js...
CVE-2022-37614
Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf via the key variable in mockery.js...
PT-2022-24027 · Unknown · Mockery.Js
Name of the Vulnerable Software and Affected Versions: mockery.js affected versions not specified Description: The issue is related to a prototype pollution vulnerability in the enable function of mockery.js, specifically in the mfncooper mockery commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf...
CVE-2022-1155 Old sessions are not blocked by the login enable function in snipe/snipe-it
Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10...