Lucene search
K

94 matches found

Snyk
Snyk
added 2026/03/31 11:2 p.m.5 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete properties from built-in prototypes by supplying array-wrapped path segments, potentially impacting application behaviour. Notes: 1 Version 4.18.0 was intend...

7.9CVSS6.4AI score0.01535EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 11:2 p.m.6 views

Prototype Pollution

Overview lodash-amd is a Lodash exported as AMD modules. Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete properties from built-in prototypes by supplying array-wrapped path segments, potentially impacting applicati...

7.9CVSS6.4AI score0.01535EPSS
Exploits0References2
NVD
NVD
added 2026/03/31 8:16 p.m.19 views

CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS0.00317EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 8:16 p.m.3 views

DEBIAN-CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

5.3CVSS5.3AI score0.00317EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 8:16 p.m.7 views

UBUNTU-CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS5.8AI score0.00317EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/31 8:16 p.m.5 views

CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS5.9AI score0.00317EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/31 7:18 p.m.21 views

CVE-2026-2950 lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS0.00317EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/31 7:18 p.m.6 views

CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

7.9CVSS5.9AI score0.01535EPSS
Exploits0References2Affected Software4
Vulnrichment
Vulnrichment
added 2026/03/31 7:18 p.m.1 views

CVE-2026-2950 lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS6.5AI score0.00317EPSS
Exploits0References1
CVE
CVE
added 2026/03/31 7:18 p.m.82 views

CVE-2026-2950

CVE-2026-2950 affects lodash ≤ 4.17.23, enabling prototype pollution via array-wrapped path segments in _.unset and _.omit. The attack can delete properties from built-in prototypes (Object.prototype, Number.prototype, String.prototype) without overwriting behavior. The issue is patched in lodash...

6.5CVSS6.5AI score0.00317EPSS
Exploits0References1Affected Software4
Debian CVE
Debian CVE
added 2026/03/31 7:18 p.m.6 views

CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS5.3AI score0.00317EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.5 views

PT-2026-29328

Name of the Vulnerable Software and Affected Versions Lodash versions prior to 4.18.0 Description Lodash versions 4.17.23 and earlier are susceptible to prototype pollution through the .unset and .omit functions. The initial fix did not fully address the issue, as an attacker can bypass the check...

6.5CVSS5.9AI score0.00317EPSS
Exploits0References339
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.9 views

lodash 安全漏洞

lodash is an open-source JavaScript utility library developed by Lodash Utilities. Lodash versions 4.17.23 and earlier contained security vulnerabilities. These vulnerabilities stemmed from prototype pollution in the .unset and .omit functions, which could lead to the deletion of properties that...

6.5CVSS6.5AI score0.00317EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/03/16 5:11 p.m.12 views

lodash: prototype pollution in _.unset and _.omit functions

A flaw was found in Lodash. A prototype pollution vulnerability in the .unset and .omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service...

8.2CVSS5.8AI score0.01535EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/11 12:0 a.m.3 views

openSUSE 16 Security Update : cockpit-podman (openSUSE-SU-2026:20336-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20336-1 advisory. - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of methods from global prototypes bsc1257324. Tenable has...

8.2CVSS6.6AI score0.01535EPSS
Exploits0References3
OSV
OSV
added 2026/03/09 10:47 a.m.2 views

OPENSUSE-SU-2026:20336-1 Security update for cockpit-podman

This update for cockpit-podman fixes the following issues: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of methods from global prototypes bsc1257324...

8.2CVSS5.8AI score0.01535EPSS
Exploits0References2
OSV
OSV
added 2026/03/09 10:46 a.m.5 views

SUSE-SU-2026:20688-1 Security update for cockpit-podman

This update for cockpit-podman fixes the following issues: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of methods from global prototypes bsc1257324...

8.2CVSS7.3AI score0.01535EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/03/06 11:0 a.m.11 views

lodash: prototype pollution in _.unset and _.omit functions

A flaw was found in Lodash. A prototype pollution vulnerability in the .unset and .omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service...

8.2CVSS5.7AI score0.01535EPSS
Exploits0References5
OSV
OSV
added 2026/03/04 3:44 p.m.3 views

SUSE-SU-2026:20653-1 Security update for cockpit

This update for cockpit fixes the following issues: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of methods from global prototypes bsc1257324...

8.2CVSS5.8AI score0.01535EPSS
Exploits0References3
OSV
OSV
added 2026/03/04 6:24 a.m.2 views

SUSE-SU-2026:20695-1 Security update for cockpit-machines

This update for cockpit-machines fixes the following issues: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of methods from global prototypes bsc1257325...

8.2CVSS6.5AI score0.01535EPSS
Exploits0References3
Rows per page
Query Builder