5 matches found
UBUNTU-CVE-2025-13465
Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original...
Prototype Pollution
ioredis is vulnerable to prototype pollution. The vulnerability exists as the reply transformer does not check for special field names and mishandles malicious __proto__ keys, which could, at worst, result in a denial of service condition due to limitations of not being able to overwrite global...
DEBIAN-CVE-2018-3719
mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects...
LastPass Isolated World Global Properties Remote Code Execution Vulnerability
LastPass Password Manager is a free cross-platform online password management tool from LastPass, Inc. in the United States. The tool can be integrated with browsers and provides them with password management, autofill forms and other features, support for random password generation,...
LastPass: global properties can be modified across isolated worlds, allowing remote code execution
A major part of the LastPass password manager is content scripts, additional privileged javascript that is injected into pages and can change or monitor content. LastPass use content scripts to search webpages for forms, add additional UI elements, and so on. The reason that it's safe to have...