Lucene search
K

129154 matches found

CVE
CVE
added yesterday7 views

CVE-2026-15698

CVE-2026-15698 affects kofrasa mingo up to 7.2.1. The vulnerability lies in the Update API’s functions update/updateOne/updateMany, where manipulating the Set argument can lead to prototype pollution of object attributes. The issue is exploitable remotely, and a fix is available in version 7.2.2 ...

6.5CVSS6.3AI score
Exploits0References8
CVE
CVE
added yesterday5 views

CVE-2026-15697

CVE-2026-15697 affects the svgdotjs svg.js library (up to v3.2.5). The vulnerability is in the EventTarget.on function, enabling manipulation that leads to improperly controlled modification of object prototype attributes (prototype pollution). It is described as exploitable remotely with a repor...

6.5CVSS6.4AI score
Exploits0References6
Nuclei
Nuclei
added yesterday24 views

Odoo Apps - Cross-Site Scripting via Prototype Pollution

jquery-bbq 1.2.1 contains a prototype pollution caused by improperly controlled modification of object prototype attributes, letting malicious users inject properties into Object.prototype, exploit requires malicious user interaction. id: CVE-2021-20086 info: name: Odoo Apps - Cross-Site Scriptin...

8.8CVSS7AI score0.06104EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday78 views

Mastodon Prototype Pollution Vulnerability

The GitHub repository mastodon/mastodon prior to 3.5.0 contains a Prototype Pollution vulnerability. id: CVE-2022-0432 info: name: Mastodon Prototype Pollution Vulnerability author: pikpikcu severity: medium description: The GitHub repository mastodon/mastodon prior to 3.5.0 contains a Prototype...

7.4CVSS6.7AI score0.04465EPSS
Exploits1References5
CVE
CVE
added 2 days ago9 views

CVE-2026-15607

TanStack DB up to 0.6.8 contains a vulnerability in the Alias Path Handler’s select function (src/query/compiler/select.ts) that allows improperly controlled modification of object prototype attributes (prototype pollution). Impacted component: TanStack DB; vulnerability arises from the select fu...

5.3CVSS5.7AI score0.00254EPSS
Exploits0References8
CVE
CVE
added 2 days ago5 views

CVE-2026-15598

The CVE affects antv layout 2.0.0, specifically the setNestedValue function in lib/util/object.js. A manipulation of the argument path can lead to prototype pollution, allowing remote modification of object prototype attributes. The advisory notes the attack can be launched remotely, with low att...

6.5CVSS6.5AI score0.00313EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-15598 antv layout object.js setNestedValue prototype pollution

A weakness has been identified in antv layout 2.0.0. This impacts the function setNestedValue in the library lib/util/object.js. Executing a manipulation of the argument path can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. The...

6.5CVSS0.00313EPSS
Exploits0References5
CVE
CVE
added 2 days ago9 views

CVE-2026-15538

CVE-2026-15538 affects PrimeFaces PrimeReact up to 10.9.8. The vulnerability is in the API function ObjectUtils.mutateFieldData, where manipulation of the argument Field enables prototype attribute modification (prototype pollution). The attack is stated as remotely exploitable. The issue notes t...

6.5CVSS6.4AI score0.00256EPSS
Exploits0References7
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-15538 primefaces primereact API ObjectUtils.mutateFieldData prototype pollution

A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be...

6.5CVSS0.00256EPSS
Exploits0References7
OSV
OSV
added 2 days ago2 views

CVE-2026-15538 primefaces primereact API ObjectUtils.mutateFieldData prototype pollution

A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References9
NVD
NVD
added 4 days ago6 views

CVE-2026-56763

Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...

6.3CVSS0.00177EPSS
Exploits0References2
CVE
CVE
added 4 days ago13 views

CVE-2026-56763

CVE-2026-56763 affects Hono prior to 4.12.7. The parseBody function with dot option enabled accepts proto in field names, allowing prototype pollution when parsed results are merged into regular objects via unsafe merge patterns. Impacted behavior includes modification of object prototypes and po...

6.3CVSS6.1AI score0.00177EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-43173

Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...

6.3CVSS6.1AI score0.00177EPSS
Exploits0References2
OSV
OSV
added 4 days ago2 views

CVE-2026-56763 Hono - Prototype Pollution via __proto__ Key in parseBody with dot Option

Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...

6.3CVSS6.1AI score0.00177EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-56763 Hono - Prototype Pollution via __proto__ Key in parseBody with dot Option

Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...

6.3CVSS0.00177EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-15187

A flaw was found in enquirer, a command-line prompt tool. A remote attacker could exploit a vulnerability in the Enquirer.set function by manipulating the question.name argument. This improper handling of object prototype attributes can lead to prototype pollution, allowing an attacker to modify...

5.3CVSS6.1AI score0.00248EPSS
Exploits0References10
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-15195 apidevtools json-schema-ref-parser pointer.ts Pointer.set prototype pollution

A weakness has been identified in apidevtools json-schema-ref-parser up to 15.3.5. This impacts the function Refs.set/Pointer.set in the library lib/pointer.ts. Executing a manipulation can lead to improperly controlled modification of object prototype attributes. The attack can be launched...

6.5CVSS0.00262EPSS
Exploits0References8
CVE
CVE
added 6 days ago9 views

CVE-2026-15195

The CVE affects the apidevtools json-schema-ref-parser package up to version 15.3.5. The vulnerability targets the Refs.set/Pointer.set paths in lib/pointer.ts, enabling remote modification of object prototype attributes (prototype pollution) as described. Impact is described as remote exploitati...

6.5CVSS6.3AI score0.00262EPSS
Exploits0References8
OSV
OSV
added 6 days ago3 views

CVE-2026-15195 apidevtools json-schema-ref-parser pointer.ts Pointer.set prototype pollution

A weakness has been identified in apidevtools json-schema-ref-parser up to 15.3.5. This impacts the function Refs.set/Pointer.set in the library lib/pointer.ts. Executing a manipulation can lead to improperly controlled modification of object prototype attributes. The attack can be launched...

5.3CVSS5.9AI score0.00262EPSS
Exploits0References10
NVD
NVD
added 6 days ago7 views

CVE-2026-59206

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...

7.1CVSS0.00297EPSS
Exploits0References3
Rows per page
Query Builder