12 matches found
CVE-2026-44490
CVE-2026-44490 affects Axios prior to 0.32.0 and 1.16.0. Two read-side prototype-pollution gadgets allow polluted Object.prototype to affect request headers (lib/utils.js) and Object.defineProperty usage (lib/core/mergeConfig.js), causing polluted values to ride in headers and potentially TypeErr...
CVE-2026-44490 Axios: DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions
Axios is a promise-based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype is polluted by an upstream dependency in the same process, e.g. lodash _.merge / CVE-2018-16487, axios silently picks up the...
defu security vulnerability
Defu is a lightweight utility library developed by UnJS for recursively merging default values. Versions of Defu prior to 6.1.5 contained security vulnerabilities that stemmed from passing unsanitized user input into the Defu functions, which could lead to prototype...
EUVD-2019-0225
Malware in sbrugna...
EUVD-2024-52320
Malicious code in bioql PyPI...
CVE-2024-54156
In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack...
CVE-2024-54156
In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack...
CVE-2024-54156
CVE-2024-54156 is linked to JetBrains YouTrack prior to 2024.3.52635, where multiple merge functions are vulnerable to a prototype pollution attack. The issue stems from uncontrolled modification of object prototype properties within the merge functions, enabling an attacker to alter object proto...
CVE-2024-54156
In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack...
PT-2024-9170 · JetBrains · JetBrains YouTrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.52635 Description: The issue is related to an uncontrolled modification of object prototype attributes in the data merge functions of JetBrains YouTrack. This can allow a remote attacker to implemen...
lutils security vulnerability
lutils is a collection of front-end utility code snippets. The lutils package has a security vulnerability: its main merge functions are vulnerable to prototype pollution...
Prototype Pollution
Overview: lodash.mergewith is the Lodash method _.mergeWith exported as a Node.js module. Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of Object.prototype. This is due to ...