96 matches found
CVE-2026-31216
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/objectname:path endpoint lacks authentication, authorization, and input validation mechanisms. Unauthenticated remote attackers can send craft...
EUVD-2020-1425
Malware in sbrugna...
EUVD-2021-2112
Malware in sbrugna...
EUVD-2022-1036
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-23434
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the...
Linux Distros Unpatched Vulnerability : CVE-2021-3805
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' CVE-2021-3805 Note that Nessus relies on th...
@xizhouh/former (>=0.0.1 <=1.1.1), @xizhouh/formless (>=0.0.1 <=0.0.6) +1 more potentially affected by unknown CVE via set-object-path (=2.0.1)
set-object-path NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on set-object-path and may be impacted: - @xizhouh/former =0.0.1, =0.0.1, =0.3.0, =0.3.3 Source cves: unknown CVE Source advisory: OSV:MAL-2025-33017...
Malicious code in change-object-path (npm)
The package change-object-path was found to contain malicious code...
MAL-2025-16781 Malicious code in change-object-path (npm)
The package change-object-path was found to contain malicious code...
MAL-2025-33017 Malicious code in set-object-path (npm)
The package set-object-path was found to contain malicious code...
Malicious code in set-object-path (npm)
The package set-object-path was found to contain malicious code...
Security Bulletin: There is a vulnerablity in the object-path library affecting IBM watsonx Code Assistant IDE Extensions
Summary There is a vulnerablity in the object-path library affecting IBM watsonx Code Assistant IDE Extensions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2021-23434 DESCRIPTION: Node.js object-path module could allow a remote attack...
UIOMatic 注入漏洞
UIOMatic is a tool by Tim Geyssens personal developer. It automatically generates an integrated crud UI for npoco poco based db tables. An injection vulnerability exists in UIOMatic version 5, which stems from the file /src/UIOMatic/wwwroot/backoffice/resources/uioMaticObject.r that can lead to S...
CVE-2021-3805
A flaw was found in the object-path nodejs library when the del function is called to validate object properties. An attacker can manipulate or alter the prototype of an object causing the modification of default properties on all objects. This could lead into a service disruption or a denial of...
Prototype pollution not blocked by object-path related utilities in hoolock
Impact Utility functions related to object paths get, set and update did not block attempts to access or alter object prototypes. Patches The get, set and update functions will throw a TypeError when a user attempts to access or alter inherited properties in versions =2.2.1...
GHSA-4C2G-HX49-7H25 Prototype pollution not blocked by object-path related utilities in hoolock
Impact Utility functions related to object paths get, set and update did not block attempts to access or alter object prototypes. Patches The get, set and update functions will throw a TypeError when a user attempts to access or alter inherited properties in versions =2.2.1...
CVE-2024-23339 hoolock does not block Prototype pollution with object-path related utilities
hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths get, set, and update did not block attempts to access or alter object prototypes. Starting in version...
CVE-2024-23339 hoolock does not block Prototype pollution with object-path related utilities
hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths get, set, and update did not block attempts to access or alter object prototypes. Starting in version...
CLSA-2023-1701801241 Fix of 8 CVEs
CVE-url: https://ubuntu.com/security/CVE-2023-45871 - igb: Limit maximum frame Rx based on MTU - igb: Only sync size of expected frame in ethtool testing - igb: Add support for ethtool private flag to allow use of legacy Rx - igb: Add support for using order 1 pages to receive large frames - igb:...
Ubuntu: Security Advisory (USN-5967-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...