34 matches found

RedhatCVE
added 2026/05/06 8:22 p.m. | 8 views

CVE-2026-42077

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists...

CVSS 5.2 | AI score 5.7 | EPSS 0.00109
Exploits: 0 | References: 1

CVE
added 2026/04/29 7:24 p.m. | 6 views

CVE-2018-25306

PDFunite 0.41.0 contains a local buffer overflow in processing malformed PDFs during merge, causing a segmentation fault via XRef::getEntry in libpoppler when a crafted PDF is merged. This is a local-impact vulnerability that can crash the pdfunite utility; exploitation details and a validated fi...

CVSS 6.9 | AI score 5.7 | EPSS 0.00177
Exploits: 1 | References: 4 | Affected Software: 1

vulnersOsv
added 2026/04/20 3:34 a.m. | 5 views

@brikcss/rollup-config-generator (>=0.0.15 <=0.0.16), @brikcss/stakcss (>=0.0.0 <=0.9.1) +9 more potentially affected by CVE-2026-6594 via @brikcss/merge (>=1.0.7 <=1.3.0)

@brikcss/merge NPM version =1.0.7, =0.0.15, =0.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.4, =0.0.1, =0.2.0, =0.10.0 Source cves: CVE-2026-6594 Source advisory: OSV:GHSA-3JC6-6R48-V6QF...

CVSS 7.5 | AI score 7 | EPSS 0.00336
Exploits: 0

EUVD
added 2026/04/07 4:5 p.m. | 2 views

EUVD-2026-19740

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take the limitusercustomervisibility parameter into account when merging customers. This vulnerability is fixed in 1.8.212...

CVSS 7.6 | AI score 5.9 | EPSS 0.00235
Exploits: 1 | References: 2

OpenVAS
added 2026/02/05 12:0 a.m. | 3 views

SUSE: Security Advisory (SUSE-SU-2026:20182-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 | AI score 5.4 | EPSS 0.0037
Exploits: 0 | References: 4

OSV
added 2026/01/30 5:21 p.m. | 3 views

CLEANSTART-2026-HJ04971 vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT

Multiple security vulnerabilities affect the postgresql package. A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. See references for individual vulnerability details...

CVSS 9.8 | AI score 7.9 | EPSS 0.61566
Exploits: 3 | References: 69

OSV
added 2026/01/09 2:6 p.m. | 3 views

OESA-2026-1021 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVSS 8.2 | AI score 7.1 | EPSS 0.00474
Exploits: 3 | References: 3

OSV
added 2025/11/14 2:29 p.m. | 0 views

GHSA-MH29-5H37-FV8M js-yaml has prototype pollution in merge (<<)

Impact: In js-yaml 4.1.0, 4.0.0, and 3.14.1 and below, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (__proto__). All users who parse untrusted yaml documents may be impacted. Patches: Problem is patched in js-yaml 4.1.1 and 3.14.2...

CVSS 5.3 | AI score 6.8 | EPSS 0.0037
Exploits: 0 | References: 7

CVE
added 2025/11/13 3:32 p.m. | 108 views

CVE-2025-64718

CVE-2025-64718 affects js-yaml, allowing prototype pollution via __proto__ when parsing untrusted YAML. The issue is patched in js-yaml 4.1.1 and in 3.14.2. Public IBM bulletins confirm usage of vulnerable js-yaml versions in IBM Maximo components and recommend upgrading to a fixed release (e.g., js-...

CVSS 5.3 | AI score 6.6 | EPSS 0.0037
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2025/10/23 7:52 p.m. | 6 views

CVE-2025-62517 Rollbar.js Prototype Pollution Vulnerability in merge()

Rollbar.js offers error tracking and logging from Javascript to Rollbar. In versions before 2.26.5 and from 3.0.0-alpha1 to before 3.0.0-beta5, there is a prototype pollution vulnerability in merge. If application code calls rollbar.configure with untrusted input, prototype pollution is possible...

CVSS 5.9 | EPSS 0.00358
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2017-8031

Malware in sbrugna...

CVSS 8.5 | AI score 8.6 | EPSS 0.00591
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-2500

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.02961
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-2043

Malware in sbrugna...

CVSS 9.8 | AI score 6.8 | EPSS 0.01383
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2003-0591

Malware in sbrugna...

CVSS 7.2 | AI score 6.4 | EPSS 0.00345
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-0813

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.4 | EPSS 0.01246
Exploits: 1 | References: 4

OSV
added 2025/09/27 5:15 a.m. | 2 views

CVE-2025-3193

Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...

CVSS 7.5 | AI score 7.2
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/22 7:27 p.m. | 6 views

CVE-2021-25953

Prototype pollution vulnerability in 'putil-merge' versions 1.0.0 through 3.6.6 allows an attacker to cause a denial of service and may lead to remote code execution...

CVSS 9.8 | AI score 7.4 | EPSS 0.02961
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 6:39 p.m. | 6 views

CVE-2021-3645

merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

CVSS 9.8 | AI score 6.8 | EPSS 0.01383
Exploits: 1 | References: 1

RedHat Linux
added 2023/12/13 3:36 p.m. | 3 views

postgresql: MERGE fails to enforce UPDATE or SELECT row security policies

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

CVSS 4.3 | AI score 7.3 | EPSS 0.00964
Exploits: 0 | References: 6

SUSE CVE
added 2023/08/16 2:19 a.m. | 3 views

SUSE CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

CVSS 4.7 | AI score 7.5 | EPSS 0.00964
Exploits: 0 | References: 8