CVE-2026-32147

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon sshsftpd stores the raw, user-supplied path in file...

CVE-2025-71239

In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2 to change attributes class fchmodat2, introduced in version 6.6 is currently not in the change attribute class of audit. Calling fchmodat2 to change a file attribute in the same fashion than chmod or fchmodat...

EUVD-2026-9005

A flaw was found in Keycloak. An administrator with manage-users permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the syste...

Prototype Pollution

baobab is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes via the merger function in helpers.js and modify attributes such as proto, constructor, and other prototype base objects...

Prototype Pollution

grunt-util-property is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

Prototype Pollution

deep-get-set is vulnerable to prototype pollution. The vulnerability exists due to an incomplete fix of CVE-2020-7715, allowing an attacker to get control of value of “deep” and modify attributes such as proto, constructor and prototype...

Prototype Pollution

convict is vulnerable to prototype pollution.A bypass of the fix for CVE-2022-22143 is possible which allows an attacker to inject properties into existing construct prototypes via the main.js and modify attributes such as proto, constructor, and prototype...

TeamPass Improper Privilege Management

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user including admin, or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an...

Prototype Pollution

simple-plist is vulnerable to prototype pollution. The vulnerability exists because the validations are not handled properly which allows an attacker to inject properties into existing construct prototypes and modify attributes via .parse function...

Prototype Pollution

mixme is vulnerable to prototype pollution. The function mutate and merge allows an attacker to get control of value of “path” and modify attributes such as proto, constructor and prototype...

Prototype Pollution

node-forge is vulnerable to prototype pollution. The vulnerability exists through the 'debug.set' function in 'debug.js' , allowing an attacker to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

Prototype Pollution

js-data is vulnerable to pollution prototype. The vulnerability exists due to an incomplete fix of CVE-2020-28442. A remote attacker is able to inject arbitrary properties into existing construct prototypes and modify attributes via the deepFillIn and the set functions resulting in prototype...

Prototype Pollution

merge-deep2 is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes via merge function...

Prototype Pollution

dotty is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes via the put function and modify attributes such as proto, constructor, and prototype...

Prototype Pollution

nedb is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

Prototype Pollution

nconf-toml is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

Prototype Pollution

js-extend is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

Prototype Pollution

deep-override is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as proto, constructor and prototype via the override function...

Prototype Pollution

msgpack5 is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

Prototype Pollution

dynamoose is vulnerable to prototype pollution. The vulnerability exists through lib/utils/object/set.ts where an attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...