
40 matches found

EUVD
added last week, 3 views

EUVD-2026-32976

deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__/constructor/prototype. The property path must not be exposed as user input. This vulnerability is fixed in 1.0.3...

CVSS 8.2, AI score 5.8, EPSS 0.00055
Exploits 0, References 1
Tenable Nessus
added 2026/04/22 12:00 a.m., 1 view

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013535)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013535 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/zip - fix mismatch in get/set sglsgenr KASAN reported this Bug: 17619.659757 BU...

AI score 5.6, EPSS 0.00022
Exploits 0, References 4
UbuntuCve
added 2025/12/30 1:15 p.m., 1 view

CVE-2022-50814

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/zip - fix mismatch in get/set sglsgenr KASAN reported this Bug: 17619.659757 BUG: KASAN: global-out-of-bounds in paramgetint+0x34/0x60 17619.673193 Read of size 4 at addr fffff01332d7ed00 by task readall/1507958...

AI score 5.9, EPSS 0.00022
Exploits 0, References 7
Cvelist
added 2025/10/21 12:00 a.m., 4 views

CVE-2025-52079

The administrator password setting of the D-Link DIR-820L 1.06B02 has Improper Access Control and is vulnerable to Unverified Password Change via crafted POST request to /getset.ccp...

EPSS 0.00165
Exploits 1, References 2
EUVD
added 2025/10/21 12:00 a.m., 2 views

EUVD-2025-35216

The administrator password setting of the D-Link DIR-820L 1.06B02 has Improper Access Control and is vulnerable to Unverified Password Change via crafted POST request to /getset.ccp...

CVSS 5.3, AI score 6.7, EPSS 0.00165
Exploits 1, References 2
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-1011

Malware in sbrugna...

CVSS 9.8, AI score 9.3, EPSS 0.00795
Exploits 1, References 4
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-6095

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.3, EPSS 0.00247
Exploits 1, References 3
Positive Technologies
added 2025/10/01 12:00 a.m., 1 view

PT-2025-40082

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to hardware timestamping hwtstamp within network device operations. Specifically, the issue involves failing to properly acquire the operations...

AI score 5.9, EPSS 0.0002
Exploits 0, References 5
Github Security Blog
added 2025/08/14 10:23 p.m., 7 views

User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows

The get and set methods of the public trait scratchpad::Tracking interact with unsafe code regions in the crate, and they influence the computation of addresses returned as raw pointers. However, the trait itself is not marked as unsafe, meaning users may provide custom implementations under the...

AI score 7.8
Exploits 0, References 3, Affected Software 1
SUSE CVE
added 2025/01/16 3:49 a.m., 2 views

SUSE CVE-2024-57889

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking If a device uses MCP23xxx IO expander to receive IRQs, the following bug can happen: BUG: sleeping function called from invalid context at...

CVSS 5.5, AI score 7.6, EPSS 0.00011
Exploits 0, References 13
Cvelist
added 2024/04/26 8:46 p.m., 11 views

CVE-2024-32881 Unauthorized access to GET/SET of Slack Bot Tokens in Danswer

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal...

CVSS 9.8, AI score 9.5, EPSS 0.0015
Exploits 0, References 3
Vulnrichment
added 2024/04/26 8:46 p.m., 18 views

CVE-2024-32881 Unauthorized access to GET/SET of Slack Bot Tokens in Danswer

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal...

CVSS 9.8, AI score 9.3, EPSS 0.0015
Exploits 0, References 3
NVD
added 2024/01/22 11:15 p.m., 8 views

CVE-2024-23339

hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths get, set, and update did not block attempts to access or alter object prototypes. Starting in version...

CVSS 6.5, AI score 6.3, EPSS 0.12335
Exploits 0, References 2
Cvelist
added 2024/01/22 10:54 p.m., 10 views

CVE-2024-23339 hoolock does not block Prototype pollution with object-path related utilities

hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths get, set, and update did not block attempts to access or alter object prototypes. Starting in version...

CVSS 6.3, AI score 6.6, EPSS 0.12335
Exploits 0, References 2
CNNVD
added 2023/05/28 12:00 a.m., 1 view

Welotec TK500 access control error vulnerability

The Welotec TK500 is an industrial-grade 4G LTE router from Welotec. The Welotec TK500 suffers from an access control error vulnerability that originates from the fact that an unauthenticated, remote attacker who knows the name of the MQTT topic can send and receive messages, including GET/SET...

CVSS 9.8, AI score 5.6, EPSS 0.00444
Exploits 0, References 2
CNVD
added 2022/06/28 12:00 a.m., 13 views

deep-get-set prototype contamination vulnerability

deep-get-set is used to set and obtain values on objects via dotted strings. deep-get-set package in all versions suffers from a prototype pollution vulnerability that stems from the vulnerability of products to uncontrolled modification of object prototype properties. An attacker could exploit...

CVSS 7.5, AI score 4, EPSS 0.00247
Exploits 1
Veracode
added 2022/06/27 5:41 a.m., 16 views

Prototype Pollution

deep-get-set is vulnerable to prototype pollution. The vulnerability exists due to an incomplete fix of CVE-2020-7715, allowing an attacker to get control of value of “deep” and modify attributes such as __proto__, constructor and prototype...

CVSS 9.8, AI score 8.9, EPSS 0.00795
Exploits 2, References 2, Affected Software 1
vulnersOsv
added 2022/06/25 12:00 a.m., 0 views

@draadnl/openstad-cms (>=0.12.2 <=0.12.3), @ngodn/apostrophe (>=2.94.2 <=2.94.7) +38 more potentially affected by CVE-2022-21231 via deep-get-set (>=0.1.1 <=1.1.1)

deep-get-set NPM version =0.1.1, =0.12.2, =2.94.2, =1.3.0, =0.0.1, =0.5.235, =2.94.1, =0.5.0, =0.5.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =2.93.0, =2.93.2 and more Source cves: CVE-2022-21231 Source advisory: OSV:GHSA-MJJJ-6P43-VHHV...

CVSS 9.8, AI score 7.2, EPSS 0.00247
Exploits 1
Github Security Blog
added 2022/06/25 12:00 a.m., 19 views

Prototype Pollution in deep-get-set

All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. Note: This vulnerability derives from an incomplete fix of CVE-2020-7715...

CVSS 9.8, AI score 5.3, EPSS 0.00247
Exploits 1, References 3, Affected Software 1
OSV
added 2022/06/25 12:00 a.m., 0 views

GHSA-MJJJ-6P43-VHHV Prototype Pollution in deep-get-set

All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. Note: This vulnerability derives from an incomplete fix of CVE-2020-7715...

CVSS 7.5, AI score 5.9, EPSS 0.00247
Exploits 1, References 3