Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

RedhatCVE
RedhatCVEadded 2025/12/17 5:1 p.m.4 views

CVE-2025-68130

tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a A prototype pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router...

8.5CVSS7.1AI score0.00357EPSS
Exploits0References1
OSV
OSVadded 2025/12/16 7:37 p.m.1 views

GHSA-43P4-M455-4F4J tRPC has possible prototype pollution in `experimental_nextAppDirCaller`

Note that this vulnerability is only present when using experimentalcaller / experimentalnextAppDirCaller. Summary A Prototype Pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router adapter. An attacker can pollute Object.prototype by...

8.5CVSS6.9AI score0.00357EPSS
Exploits0References4
Snyk
Snykadded 2025/12/16 5:42 p.m.3 views

Prototype Pollution

Overview @trpc/server is a The tRPC server library Affected versions of this package are vulnerable to Prototype Pollution via the formDataToObject function. An attacker can modify Object.prototype by submitting specially crafted FormData field names, which may result in authorization bypass,...

9.1CVSS7.9AI score0.00357EPSS
Exploits0References2
Rows per page
Query Builder