129154 matches found
CVE-2026-15698
CVE-2026-15698 affects kofrasa mingo up to 7.2.1. The vulnerability lies in the Update API’s functions update/updateOne/updateMany, where manipulating the Set argument can lead to prototype pollution of object attributes. The issue is exploitable remotely, and a fix is available in version 7.2.2 ...
CVE-2026-15697
CVE-2026-15697 affects the svgdotjs svg.js library (up to v3.2.5). The vulnerability is in the EventTarget.on function, enabling manipulation that leads to improperly controlled modification of object prototype attributes (prototype pollution). It is described as exploitable remotely with a repor...
Odoo Apps - Cross-Site Scripting via Prototype Pollution
jquery-bbq 1.2.1 contains a prototype pollution caused by improperly controlled modification of object prototype attributes, letting malicious users inject properties into Object.prototype, exploit requires malicious user interaction. id: CVE-2021-20086 info: name: Odoo Apps - Cross-Site Scriptin...
Mastodon Prototype Pollution Vulnerability
The GitHub repository mastodon/mastodon prior to 3.5.0 contains a Prototype Pollution vulnerability. id: CVE-2022-0432 info: name: Mastodon Prototype Pollution Vulnerability author: pikpikcu severity: medium description: The GitHub repository mastodon/mastodon prior to 3.5.0 contains a Prototype...
CVE-2026-15607
TanStack DB up to 0.6.8 contains a vulnerability in the Alias Path Handler’s select function (src/query/compiler/select.ts) that allows improperly controlled modification of object prototype attributes (prototype pollution). Impacted component: TanStack DB; vulnerability arises from the select fu...
CVE-2026-15598 antv layout object.js setNestedValue prototype pollution
A weakness has been identified in antv layout 2.0.0. This impacts the function setNestedValue in the library lib/util/object.js. Executing a manipulation of the argument path can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. The...
CVE-2026-15598
The CVE affects antv layout 2.0.0, specifically the setNestedValue function in lib/util/object.js. A manipulation of the argument path can lead to prototype pollution, allowing remote modification of object prototype attributes. The advisory notes the attack can be launched remotely, with low att...
CVE-2026-15538
CVE-2026-15538 affects PrimeFaces PrimeReact up to 10.9.8. The vulnerability is in the API function ObjectUtils.mutateFieldData, where manipulation of the argument Field enables prototype attribute modification (prototype pollution). The attack is stated as remotely exploitable. The issue notes t...
CVE-2026-15538 primefaces primereact API ObjectUtils.mutateFieldData prototype pollution
A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be...
CVE-2026-15538 primefaces primereact API ObjectUtils.mutateFieldData prototype pollution
A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be...
CVE-2026-56763
Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...
CVE-2026-56763
CVE-2026-56763 affects Hono prior to 4.12.7. The parseBody function with dot option enabled accepts proto in field names, allowing prototype pollution when parsed results are merged into regular objects via unsafe merge patterns. Impacted behavior includes modification of object prototypes and po...
EUVD-2026-43173
Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...
CVE-2026-56763 Hono - Prototype Pollution via __proto__ Key in parseBody with dot Option
Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...
CVE-2026-56763 Hono - Prototype Pollution via __proto__ Key in parseBody with dot Option
Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...
CVE-2026-15187
A flaw was found in enquirer, a command-line prompt tool. A remote attacker could exploit a vulnerability in the Enquirer.set function by manipulating the question.name argument. This improper handling of object prototype attributes can lead to prototype pollution, allowing an attacker to modify...
CVE-2026-15195 apidevtools json-schema-ref-parser pointer.ts Pointer.set prototype pollution
A weakness has been identified in apidevtools json-schema-ref-parser up to 15.3.5. This impacts the function Refs.set/Pointer.set in the library lib/pointer.ts. Executing a manipulation can lead to improperly controlled modification of object prototype attributes. The attack can be launched...
CVE-2026-15195
The CVE affects the apidevtools json-schema-ref-parser package up to version 15.3.5. The vulnerability targets the Refs.set/Pointer.set paths in lib/pointer.ts, enabling remote modification of object prototype attributes (prototype pollution) as described. Impact is described as remote exploitati...
CVE-2026-15195 apidevtools json-schema-ref-parser pointer.ts Pointer.set prototype pollution
A weakness has been identified in apidevtools json-schema-ref-parser up to 15.3.5. This impacts the function Refs.set/Pointer.set in the library lib/pointer.ts. Executing a manipulation can lead to improperly controlled modification of object prototype attributes. The attack can be launched...
CVE-2026-59206
n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...