Lucene search
K

129108 matches found

Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-15187 enquirer Public Package API Enquirer.set prototype pollution

A security flaw has been discovered in enquirer up to 2.4.1. Affected is the function Enquirer.set of the component Public Package API. The manipulation of the argument question.name results in improperly controlled modification of object prototype attributes. The attack can be launched remotely...

5.3CVSS0.00248EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 5 days ago5 views

Important: Red Hat Security Advisory: Kiali 2.11.14 for Red Hat OpenShift Service Mesh 3.1

Kiali 2.11.14 for Red Hat OpenShift Service Mesh 3.1 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.1CVSS7AI score0.00715EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 5 days ago8 views

Important: Red Hat Security Advisory: Kiali 2.22.7 for Red Hat OpenShift Service Mesh 3.3

Kiali 2.22.7 for Red Hat OpenShift Service Mesh 3.3 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.1CVSS7AI score0.00715EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 5 days ago7 views

Important: Red Hat Security Advisory: Kiali 2.4.20 for Red Hat OpenShift Service Mesh 3.0

Kiali 2.4.20 for Red Hat OpenShift Service Mesh 3.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.1CVSS7AI score0.00715EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 5 days ago19 views

JetBrains YouTrack < 2026.2.16593 Multiple Vulnerabilities

The version of JetBrains YouTrack installed on the remote host is prior to 2026.2.16593. It is, therefore, affected by multiple vulnerabilities, including: - The websandbox bridge was vulnerable to a prototype pollution attack. CVE-2026-57926 - Improper access control allowed reading users' priva...

9.8CVSS6.1AI score0.00178EPSS
Exploits0References7
Snyk
Snyk
added 6 days ago16 views

Prototype Pollution

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Prototype Pollution through the textformat file. An attacker can modify the prototype of the returned map object by supplying a specially crafted map entry with the key proto...

8.3CVSS6.5AI score0.00221EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago6 views

Prototype Pollution

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Prototype Pollution through the textformat file. An attacker can modify the prototype of the returned map object by supplyi...

8.3CVSS6.4AI score0.00221EPSS
Exploits0References2
NVD
NVD
added 6 days ago10 views

CVE-2026-59876

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...

4.8CVSS0.00221EPSS
Exploits0References4
NVD
NVD
added 6 days ago8 views

CVE-2026-57439

CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...

5CVSS0.00094EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-57439 CyberChef: Prototype pollution in Series Chart operation

CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...

5CVSS0.00094EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42294

CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...

5CVSS5.9AI score0.00094EPSS
Exploits0References5
CVE
CVE
added 6 days ago7 views

CVE-2026-57439

CyberChef’s CVE-2026-57439 affects the Series Chart operation prior to version 11.2.0. The vulnerability arises when parsing user-supplied CSV, where proto can be used as a key, enabling prototype pollution. This can be chained with other operations (e.g., Parse UDP) to inject malicious JavaScrip...

5CVSS5.9AI score0.00094EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/06 10:9 a.m.16 views

Security Bulletin: IBM Quantum Safe Explorer is affected by multiple vulnerabilites

Summary The vulnerabilities were found in dependent open source libraries used within IBM Quantum Safe Explorer code base. These issues have been addressed by updating the versions of affected libraries. Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client...

7.5CVSS6.3AI score0.00808EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/04 1:9 a.m.8 views

Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak System[CVE-2020-5256, CVE-2025-2895]

Summary Multiple Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System is affected to Prototype Pollution due to Dojo and HTML Injection in JavaScript. Vulnerability Details CVEID:CVE-2020-5258 DESCRIPTION: In affected versions of dojo NPM package, the deepCopy method is...

9CVSS6.7AI score0.0399EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/03 11:2 p.m.3 views

Security Bulletin: Multiple Vulnerabilities affect IBM Cloud Pak System

Summary Multiple Vulnerabilities have been addressed in IBM Cloud Pak System v2.3.5.1. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable v...

9.8CVSS6.2AI score0.01535EPSS
Exploits4Affected Software2
OSV
OSV
added 2026/07/02 2:13 p.m.6 views

PYSEC-2026-628 XSS in jQuery as used in Drupal, Backdrop CMS, and other products

jQuery from 1.1.4 until 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...

6.1CVSS6.9AI score0.87218EPSS
Exploits4References112
NVD
NVD
added 2026/07/02 1:17 p.m.9 views

CVE-2026-58653

PraisonAI before 0.1.7 fails to validate that projectid in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

5.3CVSS0.00158EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 12:34 p.m.7 views

EUVD-2026-41367

PraisonAI before 0.1.7 fails to validate that projectid in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

5.3CVSS5.8AI score0.00158EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 12:34 p.m.38 views

CVE-2026-58653 PraisonAI - Authorization Bypass via Unvalidated project_id in Issue Create/Update

PraisonAI before 0.1.7 fails to validate that projectid in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

5.3CVSS0.00158EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 12:34 p.m.9 views

CVE-2026-58653

PraisonAI before 0.1.7 fails to validate that projectid in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

5.3CVSS5.8AI score0.00158EPSS
Exploits0References3
Rows per page
Query Builder