Lucene search

6 matches found

Snyk
added 2026/05/07 6:30 p.m. | 10 views

Prototype Pollution

Overview: parse-ini is a Parse ini file to get the content and variables of the ini file as node object. Affected versions of this package are vulnerable to Prototype Pollution via the index.js file. An attacker can manipulate object properties and potentially execute arbitrary code or alter...

CVSS 9.8 | AI score 6.5 | EPSS 0.00416
Exploits 0 | References 2
Positive Technologies
added 2026/03/22 12:0 a.m. | 5 views

PT-2026-26989

UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Properties dialog to...

CVSS 6.9 | AI score 6.1 | EPSS 0.00263
Exploits 0 | References 5
Snyk
added 2025/11/05 12:52 a.m. | 4 views

Prototype Pollution

Overview: expr-eval is a Mathematical expression evaluator. Affected versions of this package are vulnerable to Prototype Pollution via unrestricted member access IMEMBER and user-defined functions IFUNDEF in the expression evaluator. An attacker can execute arbitrary JavaScript code by providing...

CVSS 9.8 | AI score 8.1 | EPSS 0.02199
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2007-0412

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.01881
Exploits 0 | References 7
Snyk
added 2022/01/19 8:53 a.m. | 4 views

Prototype Pollution

Overview: deep-get-set is a Set and get values on objects via dot-notation strings. Affected versions of this package are vulnerable to Prototype Pollution via the 'deep' function. Note: This vulnerability derives from an incomplete fix of CVE-2020-7715. POC: js let deep = require('deep-get-set');...

CVSS 9.8 | AI score 9 | EPSS 0.01965
Exploits 2 | References 2
RedHat Linux
added 2014/10/14 7:22 a.m. | 4 views

chromium: multiple security fixes in Chrome 38.0.2125.101

Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that...

CVSS 7.5 | AI score 7.6 | EPSS 0.01403
Exploits 0 | References 5