Lucene search
K

49 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/07/03 11:2 p.m.3 views

Security Bulletin: Multiple Vulnerabilities affect IBM Cloud Pak System

Summary Multiple Vulnerabilities have been addressed in IBM Cloud Pak System v2.3.5.1. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable v...

9.8CVSS6.2AI score0.01535EPSS
Exploits4Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:17 p.m.3 views

Security Bulletin: Vulnerability in flatted affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in flatted has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

9.8CVSS6.9AI score0.00808EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:17 p.m.3 views

Security Bulletin: Vulnerability in flatted affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in flatted has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

7.5CVSS7.1AI score0.00777EPSS
Exploits1Affected Software2
OSV
OSV
added 2026/06/04 7:46 p.m.4 views

ROOT-APP-NPM-CVE-2026-33228 CVE-2026-33228 in @rootio/flatted - Patched by Root

Root has patched CVE-2026-33228 in the @rootio/flatted package for Root:npm. Multiple fixed versions available...

9.8CVSS5.9AI score0.00808EPSS
Exploits1
OSV
OSV
added 2026/06/04 7:46 p.m.6 views

ROOT-APP-NPM-CVE-2026-32141 CVE-2026-32141 in @rootio/flatted - Patched by Root

Root has patched CVE-2026-32141 in the @rootio/flatted package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00777EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 3:14 p.m.17 views

Security Bulletin: IBM Quantum Safe Remediator is affected by multiple vulnerabilities

Summary The vulnerabilities are found in the dependent open source libraries used in IBM Quantum Safe Remediator code base. IBM Quantum Safe Remediator has addressed these vulnerabilities by updating the libraries versions. Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a...

9.8CVSS7.7AI score0.01557EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/01 12:0 p.m.7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses flatted-3.3.1.tgz, flatted-3.3.2.tgz, flatted-3.3.3.tgz which is vulnerable to CVE-2026-33228.

Summary IBM Maximo Application Suite - Monitor Component uses flatted-3.3.1.tgz, flatted-3.3.2.tgz, flatted-3.3.3.tgz which is vulnerable to CVE-2026-33228. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a circul...

9.8CVSS6.1AI score0.00808EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/23 7:33 p.m.11 views

Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager

Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0.3 Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as...

9.9CVSS6AI score0.01815EPSS
Exploits9Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 12:34 a.m.5 views

CVE-2026-33228

A flaw was found in flatted, a JavaScript Object Notation JSON parser designed for handling circular data structures. A remote attacker can exploit this vulnerability by providing specially crafted JSON input. The parse function in flatted fails to properly validate string values used as array...

9.8CVSS6.2AI score0.00808EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 1:36 p.m.5 views

Security Bulletin: Due to the use of flatted, IBM DevOps Solution Workbench ist affected by leaking a live reference to Array.Prototype

Summary flatted is used internally within IBM DevOps Solution Workbench Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array...

9.8CVSS6AI score0.00808EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/21 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-33228

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direc...

9.8CVSS6.2AI score0.00808EPSS
Exploits1References3
NVD
NVD
added 2026/03/20 11:16 p.m.5 views

CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

9.8CVSS0.00808EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2026/03/20 11:16 p.m.5 views

CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

9.8CVSS6.1AI score0.00808EPSS
Exploits1References4
OSV
OSV
added 2026/03/20 11:16 p.m.6 views

UBUNTU-CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

9.8CVSS6AI score0.00808EPSS
Exploits1References5
OSV
OSV
added 2026/03/20 11:6 p.m.6 views

CVE-2026-33228 flatted: Prototype Pollution via parse()

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

9.3CVSS5.9AI score0.00808EPSS
Exploits1References11
Vulnrichment
Vulnrichment
added 2026/03/20 11:6 p.m.14 views

CVE-2026-33228 flatted: Prototype Pollution via parse()

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

9.3CVSS6AI score0.00808EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/20 11:6 p.m.43 views

CVE-2026-33228 flatted: Prototype Pollution via parse()

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

9.3CVSS0.00808EPSS
Exploits1References3
CVE
CVE
added 2026/03/20 11:6 p.m.80 views

CVE-2026-33228

Flatted (JSON circular parser) is affected. Prior to 3.4.2, its parse() could treat attacker-controlled string values as direct array index keys, and using the key proto on the internal Array could expose Array.prototype to the output, enabling prototype pollution. The issue has been patched in v...

9.8CVSS6AI score0.00808EPSS
Exploits1References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 11:6 p.m.4 views

CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

9.3CVSS6AI score0.00808EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2026/03/20 11:6 p.m.4 views

CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

9.8CVSS5.8AI score0.00808EPSS
Exploits1
Rows per page
Query Builder