CVE-2024-45435

Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function...

CVE-2024-33688

Cross-Site Request Forgery CSRF vulnerability in Extend Themes Teluro.This issue affects Teluro: from n/a through 1.0.31...

CVE-2024-2904

Cross-Site Request Forgery CSRF vulnerability in Extend Themes Calliope.This issue affects Calliope: from n/a through 1.0.33...

CVE-2024-36582

alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend method of Module.deepAssign /src/index.js...

CVE-2024-38994

amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-33686

Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Vertice.This issue affects Pathway: from n/a through 1.0.15; Hugo WP: from n/a through 1.0.8; Althea...

CVE-2023-26158

All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, o...

CVE-2023-26133

All versions of the package progressbar.js are vulnerable to Prototype Pollution via the function extend in the file utils.js...

CVE-2023-26102

All versions of the package rangy are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype...

CVE-2023-26602

ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution...

CVE-2023-26113

Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js...

DEBIAN-CVE-2025-22048

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Don't override subprog's return value The verifier test calls: div by 0 in subprog triggers a panic at the ld.bu instruction. The ld.bu insn is trying to load byte from memory address returned by the subprog. The...

CVE-2025-32185

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Extend Themes Colibri Page Builder colibri-page-builder allows Stored XSS.This issue affects Colibri Page Builder: from n/a through = 1.0.329...

Linux Distros Unpatched Vulnerability : CVE-2018-3750

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can contro...

Prototype Pollution

utils-extend is vulnerable to Prototype Pollution. The vulnerability is due to the lib.extend function, which allows an attacker to modify the global prototype chain and potentially cause a denial of service DoS...

CVE-2024-57077

The latest version of utils-extend 1.0.8 is vulnerable to Prototype Pollution through the entry functions lib.extend. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service DoS a the minimum...

utils-extend Prototype Pollution

The latest version of utils-extend 1.0.8 is vulnerable to Prototype Pollution through the entry functions lib.extend. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service DoS a the minimum...

GHSA-7QGG-VW88-CC99 utils-extend Prototype Pollution

The latest version of utils-extend 1.0.8 is vulnerable to Prototype Pollution through the entry functions lib.extend. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service DoS a the minimum...

1filecompiler (=0.0.2), @adrian.u/adritoolbox (>=1.0.0 <=1.1.0) +802 more potentially affected by CVE-2024-57077 via utils-extend (=1.0.8)

utils-extend NPM version =1.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on utils-extend and may be impacted: - 1filecompiler =0.0.2 - @adrian.u/adritoolbox =1.0.0, =0.1.1, =0.1.0, =0.1.0, =1.0.2, =0.1.0, =0.0.1, =0.37.8, =1.0.1, =0.1.0, =1.0.2,...

CVE-2024-57077

The latest version of utils-extend 1.0.8 is vulnerable to Prototype Pollution through the entry functions lib.extend. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service DoS a the minimum...