3 matches found
CVE-2026-33994 Locutus Prototype Pollution due to incomplete fix for CVE-2026-25521
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, a prototype pollution vulnerability exists in the parsestr function of the npm package locutus. An attacker can pollute Object.prototype by...
Locutus security vulnerability
Locutus is an open-source JavaScript library developed by Locutus. Versions of Locutus from 2.0.39 to 3.0.25 contained security vulnerabilities. These vulnerabilities stemmed from a bypassable prototype pollution protection mechanism in the parsestr function, which could lead to prototype polluti...
GHSA-RXRV-835Q-V5MH locutus is vulnerable to Prototype Pollution
Summary: A Prototype Pollution vulnerability exists in the npm package locutus 2.0.12. Despite a previous fix that attempted to mitigate Prototype Pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using...