Lucene search
+L

2956 matches found

CVE
CVE
added yesterday10 views

CVE-2026-54335

Feathersjs contains a prototype-pollution vulnerability in the lodash-like merge helper: @feathersjs/commons .merge. In versions up to 5.0.44, merging a source object that originates from JSON.parse and contains proto , constructor, or prototype keys causes the merge to access target['proto '], m...

3.7CVSS5.3AI score
Exploits0References4
Cvelist
Cvelist
added yesterday16 views

CVE-2026-15343 Path traversal vulnerability in GitHub Enterprise Server allowed writing files to arbitrary repository paths, including GitHub Actions workflow files, via unchecked Dependabot dependency-file paths

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker who had code execution inside the Dependabot updater container to write files to arbitrary repository paths, including GitHub Actions workflow files under .github/workflows/ as the path validation d...

8.6CVSS
Exploits0References5
EUVD
EUVD
added yesterday5 views

EUVD-2026-45189

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker who had code execution inside the Dependabot updater container to write files to arbitrary repository paths, including GitHub Actions workflow files under .github/workflows/ as the path validation d...

8.6CVSS6.3AI score
Exploits0References5
NVD
NVD
added 3 days ago8 views

CVE-2026-52893

Wekan is open source kanban built with Meteor. Prior to 9.32, the Wekan Accounts.onCreateUser hook in server/models/users.js merges OIDC logins into existing accounts when the OIDC email or username matches an existing Wekan user, without verifying ownership or checking emailverified. An attacker...

9.2CVSS0.00302EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-52893 Wekan: OIDC Account Takeover via Unconditional Email-Based Account Merge in onCreateUser hook

Wekan is open source kanban built with Meteor. Prior to 9.32, the Wekan Accounts.onCreateUser hook in server/models/users.js merges OIDC logins into existing accounts when the OIDC email or username matches an existing Wekan user, without verifying ownership or checking emailverified. An attacker...

9.2CVSS0.00302EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 4 days ago6 views

Prototype pollution in @feathersjs/commons _.merge via JSON-parsed __proto__

Impact The .mergetarget, source utility exported by @feathersjs/commons recursively merges source into target by iterating Object.keyssource. When source was produced by JSON.parse and contains a proto or constructor / prototype key, that key is returned as an own-enumerable property. The recursi...

3.7CVSS6.1AI score
Exploits0References5Affected Software1
NVD
NVD
added 4 days ago8 views

CVE-2026-15736

Snowflake SQLAlchemy versions prior to 1.11.0 contain several security vulnerabilities, including: Improper handling of user-supplied column identifiers in merge operations could allow SQL injection through attacker-controlled input keys. An attacker may be able to exploit this through request...

8.3CVSS0.00267EPSS
Exploits0References1
OSV
OSV
added 4 days ago4 views

CVE-2026-15736 Multiple SQL/DDL Injection and Arbitrary File Read Vulnerabilities in snowflake-sqlalchemy

Snowflake SQLAlchemy versions prior to 1.11.0 contain several security vulnerabilities, including: Improper handling of user-supplied column identifiers in merge operations could allow SQL injection through attacker-controlled input keys. An attacker may be able to exploit this through request...

8.3CVSS6.1AI score0.00267EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-59869

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS6.9AI score0.0037EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 4 days ago4 views

PT-2026-60100

Name of the Vulnerable Software and Affected Versions @feathersjs/commons versions prior to 5.0.45 Description The .mergetarget, source utility recursively merges a source object into a target object by iterating through Object.keyssource. If the source object is generated via JSON.parse and...

3.7CVSS5.5AI score
Exploits0References7
RedHat Linux
RedHat Linux
added 6 days ago4 views

js-yaml: js-yaml: Denial of Service via crafted YAML documents

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS6AI score0.0037EPSS
Exploits1References9
CVE
CVE
added last week14 views

CVE-2026-56763

CVE-2026-56763 affects Hono prior to 4.12.7. The parseBody function with dot option enabled accepts proto in field names, allowing prototype pollution when parsed results are merged into regular objects via unsafe merge patterns. Impacted behavior includes modification of object prototypes and po...

6.3CVSS6.1AI score0.00177EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/11 4:58 a.m.6 views

js-yaml: js-yaml: Denial of Service via crafted YAML merge keys

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker can exploit this vulnerability by providing a specially crafted YAML document that repeatedly uses the same alias in a merge sequence. This can lead to algorithmic CPU exhaustion, causing the Node.js worker or eve...

5.3CVSS6.2AI score0.00259EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/07/11 4:58 a.m.4 views

js-yaml: js-yaml: Denial of Service via crafted YAML documents

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS6AI score0.0037EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2026/07/11 1:14 a.m.4 views

js-yaml: js-yaml: Denial of Service via crafted YAML documents

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS6AI score0.0037EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2026/07/10 5:14 a.m.6 views

js-yaml: js-yaml: Denial of Service via crafted YAML merge keys

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker can exploit this vulnerability by providing a specially crafted YAML document that repeatedly uses the same alias in a merge sequence. This can lead to algorithmic CPU exhaustion, causing the Node.js worker or eve...

5.3CVSS6.6AI score0.00259EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/07/10 5:14 a.m.6 views

js-yaml: js-yaml: Denial of Service via crafted YAML documents

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS6.9AI score0.0037EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2026/07/10 3:39 a.m.4 views

js-yaml: js-yaml: Denial of Service via crafted YAML documents

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS6AI score0.0037EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2026/07/10 3:35 a.m.5 views

js-yaml: js-yaml: Denial of Service via crafted YAML documents

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS6AI score0.0037EPSS
Exploits1References9
EUVD
EUVD
added 2026/07/09 9:9 p.m.12 views

EUVD-2026-38358

pypdf: Possible infinite loop when processing threads/articles in writer...

6.9CVSS5.9AI score0.00111EPSS
Exploits0References4
Rows per page
Query Builder