CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

127 matches found

Github Security Blog•added 2021/11/23 9:15 p.m.•39 views

Prototype Pollution in algoliasearch-helper

The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters.parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the...

9.8CVSS5.1AI score0.00235EPSS

Exploits1References5Affected Software1

OSV•added 2021/11/23 9:15 p.m.•27 views

GHSA-VPF5-82C8-9V36 Prototype Pollution in algoliasearch-helper

9.8CVSS9.4AI score0.00235EPSS

Exploits1References5

NVD•added 2021/11/19 8:15 p.m.•9 views

CVE-2021-23433

9.8CVSS0.00235EPSS

Exploits1References3

Prion•added 2021/11/19 8:15 p.m.•17 views

Design/Logic Flaw

6.8CVSS9.4AI score0.00235EPSS

Exploits1References3Affected Software1

ATTACKERKB•added 2021/11/19 7:20 p.m.•3 views

CVE-2021-23433

9.8CVSS5.6AI score0.00235EPSS

Exploits1References4

Snyk•added 2021/10/03 1:34 p.m.•1 views

Prototype Pollution

Overview merge-deep2 is a Recursively merge values in a javascript object. Affected versions of this package are vulnerable to Prototype Pollution via the mergeDeep function. PoC // Create the following PoC file: // PoC.js var mergeDeep2 = require"merge-deep2" var obj = var maliciouspayload =...

9.8CVSS9.1AI score0.00477EPSS

Exploits1References2

Positive Technologies•added 2021/09/17 12:0 a.m.•3 views

PT-2021-22477 · Apache · Apache Echarts

Name of the Vulnerable Software and Affected Versions: ZRender versions prior to 5.2.1 Apache ECharts versions prior to 5.2.1 Description: The issue results in prototype pollution when using merge and clone helper methods in the src/core/util.ts module. It affects Apache ECharts, which uses and...

9.8CVSS9.4AI score0.00265EPSS

Exploits0References9

OSV•added 2021/09/07 3:15 p.m.•1 views

UBUNTU-CVE-2021-39253

A crafted NTFS image can cause an out-of-bounds read in ntfsrunlistsmergei in NTFS-3G 2021.8.22...

7.8CVSS6.8AI score0.00019EPSS

Exploits0References5

OSV•added 2021/09/02 10:1 p.m.•23 views

GHSA-58G2-9FQR-36Q2 Prototype Pollution in Proto

This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function...

7.5CVSS7.5AI score0.00263EPSS

Exploits1References4

Github Security Blog•added 2021/09/02 10:1 p.m.•72 views

Prototype Pollution in Proto

This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function...

7.5CVSS4.7AI score0.00263EPSS

Exploits1References4Affected Software1

Veracode•added 2021/09/02 1:44 a.m.•10 views

Prototype Pollution

Proto is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as proto, constructor and prototype via the merge function...

7.5CVSS4.8AI score0.00263EPSS

Exploits1References2Affected Software1

NVD•added 2021/09/01 3:15 p.m.•10 views

CVE-2021-23426

This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function...

7.5CVSS0.00263EPSS

Exploits1References2

Prion•added 2021/09/01 3:15 p.m.•9 views

Design/Logic Flaw

This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function...

5CVSS7.5AI score0.00263EPSS

Exploits1References2

CVE•added 2021/09/01 2:25 p.m.•44 views

CVE-2021-23426

Proto is vulnerable to prototype pollution via the merge function across all versions. The root cause is an unsafe recursive merge (and related path-based pollution) that can inject properties into Object.prototype (proto , constructor, prototype). Potential impact includes DoS and possible remot...

7.5CVSS6.3AI score0.00263EPSS

Exploits1References2Affected Software1

Cvelist•added 2021/09/01 2:25 p.m.•14 views

CVE-2021-23426 Prototype Pollution

This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function...

5.6CVSS7.7AI score0.00263EPSS

Exploits1References2

ATTACKERKB•added 2021/09/01 2:23 p.m.•1 views

CVE-2021-23426

This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function...

7.5CVSS5.3AI score0.00263EPSS

Exploits1References3

Snyk•added 2021/07/08 4:3 p.m.•2 views

Prototype Pollution

Overview Proto is an An extensible program-code-template for creating objects Affected versions of this package are vulnerable to Prototype Pollution. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function. PoC var proto = require'Proto...

7.5CVSS8AI score0.00263EPSS

Exploits1References2

CNVD•added 2021/07/06 12:0 a.m.•12 views

Unspecified vulnerability in ts-nodash

ts-nodash is a tool that provides object manipulation. A security vulnerability exists in ts-nodash that stems from a lack of validated input, and all versions of package -nodash are vulnerable to prototype contamination via the Merge function. No detailed vulnerability details are provided at th...

9.8CVSS6.7AI score0.0053EPSS

Exploits1References1

OSV•added 2021/07/02 5:15 p.m.•2 views

CVE-2021-23403

All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge function due to lack of validation input...

9.8CVSS7.3AI score0.0053EPSS

Exploits1References2

NVD•added 2021/07/02 5:15 p.m.•8 views

CVE-2021-23403

All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge function due to lack of validation input...

9.8CVSS0.0053EPSS

Exploits1References2