GHSA-2G7H-7RQR-9P4R Vikunja has iCalendar Property Injection via CRLF in CalDAV Task Output

Summary The CalDAV output generator builds iCalendar VTODO entries via raw string concatenation without applying RFC 5545 TEXT value escaping. User-controlled task titles containing CRLF characters break the iCalendar property boundary, allowing injection of arbitrary iCalendar properties such as...

CVE-2026-3199

CVE-2026-3199 is an authenticated remote code execution flaw in Sonatype Nexus Repository’s task management component, affecting versions 3.22.1 through 3.90.2. An attacker with task creation permissions can bypass nexus.scripts.allowCreation and execute arbitrary code. The connected CVE records ...

Lexmark Printers Denial of Service (CVE-2019-11358)

jQuery before 3.4.0 mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype. This can lead to a denial of service, remote code execution, or property injection...

EUVD-2021-0536

Malware in sbrugna...

EUVD-2019-0238

Malware in sbrugna...

EUVD-2019-0333

Malware in sbrugna...

EUVD-2022-4938

Malicious code in bioql PyPI...

EUVD-2022-3844

Malicious code in bioql PyPI...

PT-2025-39323

Name of the Vulnerable Software and Affected Versions node-cube versions prior to 5.0.0 Description The node-cube package has an issue in how it initializes the prototype chain, potentially allowing an attacker to add properties to the prototype of built-in objects. This occurs due to insufficien...

CVE-2024-38993

rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2023-3186

The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype...

GHSA-F6V4-CF5J-VF3W dset Prototype Pollution vulnerability

Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property proto, which is recursively assigned to all the...

RHEL 6 : ipa (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or...

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

Mongoose Vulnerable to Prototype Pollution in Schema Object

Description Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Affected versions of this package are vulnerable to Prototype Pollution. The Schema.path function is vulnerable to prototype pollution when setting the schema object. This vulnerability allows...

Prototype Pollution

convict is vulnerable to prototype pollution.A bypass of the fix for CVE-2022-22143 is possible which allows an attacker to inject properties into existing construct prototypes via the main.js and modify attributes such as proto, constructor, and prototype...

RHEL 8 : pcs (RHSA-2021:4142)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4142 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. The following packages have been...

SUSE: Security Advisory (SUSE-SU-2012:1426-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

jquery-plugin-query-object 安全漏洞

jquery-plugin-query-object is an application. It is used for query string modification and creation in jQuery. A security vulnerability exists in jquery-plugin-query-object 2.2.3, which stems from an improperly controlled modification of the object prototype property that allows a malicious user ...