597 matches found
CVE-2026-6621
A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The...
CVE-2026-6621
The CVE-2026-6621 entry concerns a prototype pollution vulnerability in 1024bit extend-deep (versions up to 0.1.6). The affected surface is an unknown function in index.js where manipulation of the proto object enables improper modification of prototype attributes. Exploitation is described as re...
CVE-2026-6621 1024bit extend-deep index.js prototype pollution
A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The...
CVE-2026-6621 1024bit extend-deep index.js prototype pollution
A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The...
extend-deep 安全漏洞
extend-deep is a JavaScript library developed by Hangga, designed for deeply recursive object merging. Versions of extend-deep 0.1.6 and earlier contained a security vulnerability, which stemmed from improper handling of the proto parameter in the index.js file. This vulnerability could lead to...
PT-2026-33736
A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The...
Malicious code in buffer-util-extend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 374d8c5c4c32544741d1ea3788cfbccc3ee175f7181f8bdfa71cf4fde44121eb On require/import, index.js decodes a base64 string literal to https://www.jsonkeeper.com/b/CWOV9, fetches that anonymous JSON paste, and passes the...
MAL-2026-2920 Malicious code in buffer-util-extend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 374d8c5c4c32544741d1ea3788cfbccc3ee175f7181f8bdfa71cf4fde44121eb On require/import, index.js decodes a base64 string literal to https://www.jsonkeeper.com/b/CWOV9, fetches that anonymous JSON paste, and passes the...
Malicious code in path-extend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 429c0dbb9c8395a6c87ffcf5e6ebe03c6cf6568b4bf205afa933b7d6a49aa578 On require, path.js runs an IIFE that calls a loader which fetches a base64-hidden URL https://www.jsonkeeper.com/b/XTTBX from jsonkeeper.com — an...
MAL-2026-2929 Malicious code in path-extend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 429c0dbb9c8395a6c87ffcf5e6ebe03c6cf6568b4bf205afa933b7d6a49aa578 On require, path.js runs an IIFE that calls a loader which fetches a base64-hidden URL https://www.jsonkeeper.com/b/XTTBX from jsonkeeper.com — an...
EUVD-2026-21866
Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock...
CVE-2026-21011
Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock...
CVE-2026-21011
Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock...
CVE-2026-21011
Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock...
CVE-2026-21011
Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock...
CVE-2026-21011
CVE-2026-21011 describes an incorrect privilege assignment in Bluetooth when in Maintenance mode, prior to the SMR Apr-2026 Release 1. This flaw could allow a physical attacker to bypass Extend Unlock. The reporting sources (NVD and CVE feeds) confirm the description and note a Samsung security u...
SAMSUNG Mobile devices 安全漏洞
Samsung Mobile devices are a series of mobile devices produced by South Korea’s Samsung Corporation, including smartphones and tablets. There are security vulnerabilities in Samsung Mobile Devices, which stem from improper permission allocation. These vulnerabilities may allow physical attackers ...
PT-2026-32269
Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock...
EUVD-2026-17355
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Extend Themes Kubio AI Page Builder allows Stored XSS.This issue affects Kubio AI Page Builder: from n/a through 2.7.0...
CVE-2026-34887
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Extend Themes Kubio AI Page Builder allows Stored XSS.This issue affects Kubio AI Page Builder: from n/a through 2.7.0...