Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Vulnrichment
Vulnrichmentadded 4 days ago5 views

CVE-2026-46625 JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "proto" member is an own enumerable property,...

7.5CVSS5.4AI score0.00029EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2026/05/21 9:20 p.m.13 views

JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection

Summary js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "proto" member is an own enumerable property, so the for…in enumerates it and the targetkey = sourcekey write triggers the...

7.5CVSS5.8AI score0.00029EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologiesadded 2026/05/21 12:0 a.m.9 views

PT-2026-42689

Name of the Vulnerable Software and Affected Versions js-cookie versions prior to 3.0.7 Description The internal assign function copies properties using a for...in loop and plain assignment. When a source object is created via JSON.parse, the proto member is treated as an own enumerable property...

7.5CVSS5.5AI score0.00029EPSS
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packagesadded 2024/01/02 3:40 a.m.2 views

Malicious code in @skip-js/cookie-consent (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5576fae3b0649b388c1eb920f54ed752672ecdd3558a0988c30504346de5f0c2 The OpenSSF Package Analysis project identified '@skip-js/cookie-consent' @ 0.8.0 npm as malicious. It is considered malicious because: - The...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packagesadded 2023/06/29 12:0 a.m.3 views

Malicious code in js-cookie-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4db21916d97f75d76cd031171b76c9c5a2223cd3549d141bde479c6babb0569c Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...

6.9AI score
Exploits0References2
OSV
OSVadded 2023/06/29 12:0 a.m.12 views

MAL-2023-539 Malicious code in js-cookie-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4db21916d97f75d76cd031171b76c9c5a2223cd3549d141bde479c6babb0569c Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...

7AI score
Exploits0References2
Rows per page
Query Builder