Lucene search
194 matches found

Snyk
added 2026/03/19 5:43 p.m., 3 views

Prototype Pollution

Overview: Affected versions of this package are vulnerable to Prototype Pollution via the parse function. An attacker can manipulate the prototype chain by supplying a specially crafted string that causes the returned object to reference Array.prototype, allowing subsequent writes to that property...

CVSS 9.8, AI score 6.6, EPSS 0.0007
Exploits: 1, References: 2
OSV
added 2026/03/19 5:43 p.m., 0 views

GHSA-RF6F-7FWH-WJGH Prototype Pollution via parse() in NodeJS flatted

Summary: The parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key "__proto__" returns Array.prototype via the...

CVSS 9.3, AI score 6.1, EPSS 0.0007
Exploits: 1, References: 5
Github Security Blog
added 2026/03/12 2:13 p.m., 4 views

devalue has prototype pollution in devalue.parse and devalue.unflatten

In devalue v5.6.3, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service (DoS) or type confusion...

CVSS 7.5, AI score 5.8, EPSS 0.00143
Exploits: 0, References: 3, Affected Software: 1
RedhatCVE
added 2026/03/12 11:27 a.m., 2 views

CVE-2026-30226

A flaw was found in the Svelte devalue JavaScript library. A remote attacker could exploit a prototype pollution vulnerability by sending maliciously crafted payloads to the devalue.parse or devalue.unflatten functions. Successful exploitation of this flaw could lead to a Denial of Service (DoS)...

CVSS 7.5, AI score 5.8, EPSS 0.00143
Exploits: 0, References: 4
Snyk
added 2026/03/11 8:43 p.m., 3 views

Prototype Pollution

Overview: devalue is like JSON.stringify, but handles cyclical references, repeated references, undefined, regular expressions, dates, Map and Set. Affected versions of this package are vulnerable to Prototype Pollution via the parse or unflatten functions. An attacker can manipulate object prototype...

CVSS 7.5, AI score 6.3, EPSS 0.00143
Exploits: 0, References: 2
ATTACKERKB
added 2026/03/11 5:47 p.m., 1 view

CVE-2026-30226

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue v5.6.3 and earlier, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could...

CVSS 6.3, AI score 5.8, EPSS 0.00143
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2026/03/11 5:47 p.m., 25 views

CVE-2026-30226 devalue has prototype pollution in devalue.parse and devalue.unflatten

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue v5.6.3 and earlier, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could...

CVSS 6.3, EPSS 0.00143
Exploits: 0, References: 1
CNNVD
added 2026/01/29 12:00 a.m., 3 views

Monkey Server security vulnerabilities

Monkey Server is an open-source HTTP server developed by Monkey I/O. There is a security vulnerability in Monkey Server, which stems from a null pointer dereference in the mk_http_range_parse function. This vulnerability may lead to denial-of-service attacks...

CVSS 7.5, AI score 5.8, EPSS 0.01291
Exploits: 1, References: 2
RedhatCVE
added 2026/01/16 9:05 a.m., 3 views

CVE-2026-22775

A flaw was found in devalue, a JavaScript library used for serializing values. A remote attacker could exploit this vulnerability by providing specially crafted input to the devalue.parse function. This improper input validation, specifically during the ArrayBuffer hydration process, can cause th...

CVSS 7.5, AI score 6.1, EPSS 0.00039
Exploits: 0, References: 6
Positive Technologies
added 2025/12/08 12:00 a.m., 2 views

PT-2025-49475

In the Linux kernel, the following vulnerability has been resolved: um: vector: Fix memory leak in vector_config. If the return value of the uml_parse_vector_ifspec function is NULL, we should call kfree(params) to prevent a memory leak...

AI score 6.4, EPSS 0.0004
Exploits: 0, References: 8
Veracode
added 2025/11/13 7:36 a.m., 2 views

Improper Input Validation

github.com/nyaruka/phonenumbers is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of syntactic correctness in the phonenumbers.Parse function, which allows an attacker to provide crafted input and cause a panic resulting in a "runtime error: slice...

CVSS 7.5, AI score 6.9, EPSS 0.00138
Exploits: 1, References: 3, Affected Software: 1
EUVD
added 2025/10/30 12:31 a.m., 2 views

EUVD-2025-36735

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames mus...

CVSS 5.3, AI score 6.3, EPSS 0.00024
Exploits: 0, References: 5
OSV
added 2025/10/29 11:16 p.m., 3 views

CVE-2025-47912

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames mus...

CVSS 5.3, AI score 5.8
Exploits: 0, References: 5
OSV
added 2025/10/29 11:16 p.m., 2 views

AZL-78905 CVE-2025-47912 affecting package golang 1.25.7-1

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames mus...

CVSS 5.3, AI score 6.9, EPSS 0.00024
Exploits: 0, References: 1
CNNVD
added 2025/10/29 12:00 a.m., 1 view

Google Go security vulnerabilities

Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from Google, Inc. (USA). A security vulnerability exists in Google Go that stems from the Parse function not properly validating the IPv6 address format within square brackets in the URL host...

CVSS 5.3, AI score 6.4, EPSS 0.00024
Exploits: 0, References: 5
SUSE CVE
added 2025/10/08 11:22 p.m., 0 views

SUSE CVE-2025-47912

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames mus...

CVSS 8.2, AI score 6.9, EPSS 0.00024
Exploits: 0, References: 13
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-5295

Malware in sbrugna...

CVSS 7.1, AI score 6.6, EPSS 0.00043
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-17585

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.01174
Exploits: 0, References: 9
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-2057

Malware in sbrugna...

CVSS 9.8, AI score 9.3, EPSS 0.00432
Exploits: 1, References: 5
EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2021-1038

Malware in sbrugna...

CVSS 9.8, AI score 9.3, EPSS 0.0041
Exploits: 1, References: 3