12 matches found
CVE-2026-42077
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists...
CVE-2026-42077
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists...
CVE-2026-42077 Evolver: Prototype Pollution via `Object.assign()` in mailbox store operations
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists...
CVE-2026-42077
Evolver (package @evomap/evolver) is affected by a prototype pollution flaw in the mailbox store operations, introduced via Object.assign in _applyUpdate()/_updateRecord(). An attacker can pollute Object.prototype by injecting dangerous keys (e.g., proto , constructor, prototype) through crafted ...
EUVD-2026-27012
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists...
CVE-2026-42077
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists...
CVE-2026-42077 Evolver: Prototype Pollution via `Object.assign()` in mailbox store operations
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists...
PT-2026-36855
Name of the Vulnerable Software and Affected Versions Evolver versions prior to 1.69.3 Description A prototype pollution issue in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The flaw occurs...
GHSA-2CJR-5V3H-V2W4 Evolver has Prototype Pollution via `Object.assign()` in its mailbox store operations
Summary A prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists in the applyUpdate and updateRecord functions which use Object.assign to merg...
Evolver has Prototype Pollution via `Object.assign()` in its mailbox store operations
Summary A prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists in the applyUpdate and updateRecord functions which use Object.assign to merg...
EUVD-2022-1194
Malicious code in bioql PyPI...
CVE-2022-22931
Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores limited to user names being prefixed by the value of the username being used...