23 matches found

Tenable Nessus
added 2025/08/18 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-20149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by...

7.5 CVSS | 6.7 AI score | 0.00214 EPSS
Exploits: 1 | References: 2
Microsoft CVE
added 2024/09/11 7:0 a.m. | 6 views

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name as demonstrated by 'constructor': {'name':'Symbol'}. Hence a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

...

7.5 CVSS | 7.7 AI score | 0.00214 EPSS
Exploits: 1
Tenable Nessus
added 2024/05/11 12:0 a.m. | 23 views

RHEL 8 : nodejs-kind-of (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-kind-of: ctorName in index.js allows external user input to overwrite certain internal attributes...

8.6 AI score | 0.00214 EPSS
Exploits: 1 | References: 1
IBM Security Bulletins
added 2023/08/01 2:54 p.m. | 58 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

9.8 CVSS | 9.6 AI score | 0.04807 EPSS
Exploits: 5 | Affected Software: 1
SUSE CVE
added 2023/02/15 4:5 a.m. | 1 views

SUSE CVE-2019-20149

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...

7.5 CVSS | 7.3 AI score | 0.00214 EPSS
Exploits: 1 | References: 2
The Hacker News
added 2021/11/08 2:39 p.m. | 131 views

Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit

At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho's ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution. The spying...

9.8 CVSS | 10 AI score | 0.94412 EPSS
Exploits: 8
RedhatCVE
added 2021/05/13 5:51 a.m. | 157 views

CVE-2019-20149

A flaw was found in nodejs-kind-of. An external user is allowed input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...

7.5 CVSS | 3.1 AI score | 0.00214 EPSS
Exploits: 1 | References: 4
OSV
added 2020/03/31 3:59 p.m. | 2 views

GHSA-6C8F-QPHG-QJGP Validation Bypass in kind-of

Versions of kind-of 6.x prior to 6.0.3 are vulnerable to a Validation Bypass. A maliciously crafted object can alter the result of the type check, allowing attackers to bypass the type checking validation. Recommendation Upgrade to versions 6.0.3 or later...

7.5 CVSS | 6.8 AI score | 0.00214 EPSS
Exploits: 1 | References: 6
Github Security Blog
added 2020/03/31 3:59 p.m. | 104 views

Validation Bypass in kind-of

Versions of kind-of 6.x prior to 6.0.3 are vulnerable to a Validation Bypass. A maliciously crafted object can alter the result of the type check, allowing attackers to bypass the type checking validation. Recommendation Upgrade to versions 6.0.3 or later...

7.5 CVSS | 4.9 AI score | 0.00214 EPSS
Exploits: 1 | References: 7 | Affected Software: 1
vulnersOsv
added 2020/03/31 3:59 p.m. | 2 views

@copart/ops-tool-kit (>=0.0.37 <=0.0.53), @openfin/multer-s3 (>=2.0.0 <=2.2.0) +4 more potentially affected by CVE-2019-20149 via kind-of (=6.0.2)

kind-of NPM version =6.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on kind-of and may be impacted: - @copart/ops-tool-kit =0.0.37, =2.0.0, =0.0.1, =0.0.3, =0.1.0, =1.2.6 Source cves: CVE-2019-20149 Source advisory: OSV:GHSA-6C8F-QPHG-QJGP...

7.5 CVSS | 7.1 AI score | 0.00214 EPSS
Exploits: 1
Node.js
added 2020/03/06 9:22 p.m. | 19 views

Validation Bypass

Overview Versions of kind-of 6.x prior to 6.0.3 are vulnerable to a Validation Bypass. A maliciously crafted object can alter the result of the type check, allowing attackers to bypass the type checking validation. Recommendation Upgrade to versions 6.0.3 or later. References - GitHub issue -...

6.9 AI score
Exploits: 0 | Affected Software: 1
CNVD
added 2020/01/03 12:0 a.m. | 2 views

kind-of injection vulnerability

kind-of is a JavaScript type checking package. An injection vulnerability exists in the 'ctorName' function of the index.js file in kind-of version v6.0.2, which can be exploited by an attacker to override internal attributes and manipulate the results of type checking...

7.5 CVSS | 8.8 AI score | 0.00214 EPSS
Exploits: 1 | References: 1
OSV
added 2019/12/30 7:15 p.m. | 3 views

AZL-44298 CVE-2019-20149 affecting package js-jquery for versions less than 3.5.0-4

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...

7.5 CVSS | 7.2 AI score | 0.00214 EPSS
Exploits: 1 | References: 1
OSV
added 2019/12/30 7:15 p.m. | 21 views

CVE-2019-20149

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...

7.5 CVSS | 6.4 AI score
Exploits: 0 | References: 2
NVD
added 2019/12/30 7:15 p.m. | 18 views

CVE-2019-20149

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...

7.5 CVSS | 8.3 AI score | 0.00214 EPSS
Exploits: 1 | References: 2
OSV
added 2019/12/30 7:15 p.m. | 3 views

AZL-47271 CVE-2019-20149 affecting package js-jquery for versions less than 3.5.0-4

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...

7.5 CVSS | 7.2 AI score | 0.00214 EPSS
Exploits: 1 | References: 1
OSV
added 2019/12/30 7:15 p.m. | 1 views

DEBIAN-CVE-2019-20149

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...

7.5 CVSS | 7.8 AI score | 0.00214 EPSS
Exploits: 1 | References: 1
UbuntuCve
added 2019/12/30 7:15 p.m. | 27 views

CVE-2019-20149

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...

7.5 CVSS | 6.8 AI score | 0.00214 EPSS
Exploits: 1 | References: 3
Prion
added 2019/12/30 7:15 p.m. | 22 views

Design/Logic Flaw

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...

5 CVSS | 7.2 AI score | 0.00214 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2019/12/30 7:15 p.m. | 0 views

UBUNTU-CVE-2019-20149

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...

7.5 CVSS | 6.7 AI score | 0.00214 EPSS
Exploits: 1 | References: 4