16 matches found
CVE-2024-39011
Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects...
CVE-2024-39012
ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function mergeObjects. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
Prototype Pollution
Overview: org.webjars.npm:redoc is an OpenAPI/Swagger-generated API Reference Documentation. Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects method in utils/helpers.ts due to improper user input sanitization. PoC js async = const lib = await...
CVE-2024-39011
Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects...
CVE-2024-39012
ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function mergeObjects. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
Redoc Security Vulnerability
Redoc is an open source tool from Redocly Open Source. It is used to generate documentation from OpenAPI definitions. A security vulnerability exists in Redoc version v2.0.9-rc.69. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service denial of servic...
CVE-2024-39011
CVE-2024-39011: Multiple sources identify a prototype pollution vulnerability in the ChargeOver Redoc package, version 2.0.9-rc.69, exploitable via the function mergeObjects. Public descriptions attribute potential for arbitrary code execution and Denial of Service (DoS), with impacts on conf...
PT-2024-28321 · Unknown · Chargeover Redoc
Name of the Vulnerable Software and Affected Versions: chargeover redoc version 2.0.9-rc.69. Description: The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and have other impacts via the mergeObjects function. Recommendations: For chargeover redoc version...
CVE-2024-39012
ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function mergeObjects. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
PT-2024-28322 · Ais · Ais-Ltd Strategyen
Name of the Vulnerable Software and Affected Versions: ais-ltd strategyen version 0.4.0. Description: The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties using the mergeObjects function. This is a result of prototype pollution...
ais-ltd strategyen Security Vulnerability
ais-ltd strategyen is a UK AIS application. A security vulnerability exists in ais-ltd strategyen version v0.4.0, which stems from prototype pollution via the mergeObjects function. An attacker could exploit this vulnerability to execute arbitrary code or cause a...
Improperly Controlled Modification of Dynamically-Determined Object Attributes in casperjs
Overview: casperjs is a navigation scripting & testing utility for PhantomJS and SlimerJS. Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects utility function. PoC (js): var payload = JSON.parse('{"__proto__": {"a": "pwned"}}'); mergeObjects({}, payload); console.log({}.a); //...
Prototype Pollution
casperjs is vulnerable to prototype pollution. The mergeObjects function in utils.js does not validate object types and allows an attacker to inject arbitrary properties to overwrite __proto__ or constructor attributes...
CasperJS Input Validation Error Vulnerability
CasperJS is a navigation script and test utility for the PhantomJS and SlimerJS browsers. An input validation error vulnerability exists in the 'mergeObjects' function in all versions of CasperJS. An attacker can exploit this vulnerability to execute arbitrary code...
CVE-2020-7679
In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution...
CVE-2020-7679
CasperJS is affected by a Prototype Pollution vulnerability in the mergeObjects utility function across all versions. The issue allows an attacker to inject properties into Object.prototype (via __proto__ or similar paths), potentially polluting prototypes and enabling unintended behavior. Documented...