CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

NVD•added 2026/06/12 10:16 p.m.•10 views

CVE-2026-53609

ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, apos.util.set traverses dot-notation paths without sanitizing proto, allowing an authenticated editor to write arbitrary values to Object.prototype via the $pullAll patch operator. A confirm...

9.1CVSS0.00237EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2021-2155

Malware in sbrugna...

9.8CVSS9.3AI score0.015EPSS

Exploits1References5

OSV•added 2021/10/21 5:50 p.m.•23 views

GHSA-4MVJ-RQ4V-2FXW Prototype Pollution in x-assign

This vulnerability affects all versions of package x-assign. The global proto object can be polluted using the proto object...

8.6CVSS9.5AI score0.015EPSS

Exploits1References4

NVD•added 2021/10/20 1:15 p.m.•12 views

CVE-2021-23452

This affects all versions of package x-assign. The global proto object can be polluted using the proto object...

9.8CVSS0.015EPSS

Exploits1References2

Prion•added 2021/10/20 1:15 p.m.•12 views

Code injection

This affects all versions of package x-assign. The global proto object can be polluted using the proto object...

7.5CVSS9.4AI score0.015EPSS

Exploits1References2

CVE•added 2021/10/20 12:15 p.m.•51 views

CVE-2021-23452

CVE-2021-23452 affects all versions of the package x-assign . The flaw is a prototype pollution vulnerability: an attacker can pollute the global proto object via the proto property, enabling manipulation of object prototypes and potentially leading to DoS or remote code execution as discussed in...

9.8CVSS9.3AI score0.015EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2021/10/20 12:0 a.m.•3 views

PT-2021-15534 · X-Assign · X-Assign

Name of the Vulnerable Software and Affected Versions: x-assign versions all Description: The issue affects the global proto object, which can be polluted using the proto object. This allows for potential manipulation of the object's properties. Recommendations: For all versions, consider...

9.8CVSS9.4AI score0.015EPSS

Exploits1References6

Github Security Blog•added 2021/09/20 8:12 p.m.•27 views

Prototype Pollution in cookiex/deep

The npm @cookiex/deep package before version 0.0.7 has a prototype pollution vulnerability. The global proto object can be polluted using the proto object...

9.8CVSS3.8AI score0.01539EPSS

Exploits1References5Affected Software1

NVD•added 2021/09/17 10:15 a.m.•13 views

CVE-2021-23442

This affects all versions of package @cookiex/deep. The global proto object can be polluted using the proto object...

9.8CVSS0.01539EPSS

Exploits1References3

OSV•added 2021/09/17 10:15 a.m.•16 views

CVE-2021-23442

This affects all versions of package @cookiex/deep. The global proto object can be polluted using the proto object...

9.8CVSS6.8AI score

Exploits0References3

Cvelist•added 2021/09/17 9:45 a.m.•16 views

CVE-2021-23442 Prototype Pollution

This affects all versions of package @cookiex/deep. The global proto object can be polluted using the proto object...

8.6CVSS9.7AI score0.01539EPSS

Exploits1References3

CVE•added 2021/09/17 9:45 a.m.•58 views

CVE-2021-23442

The CVE-2021-23442 issue affects the npm package @cookiex/deep, where the global Object proto can be polluted via proto . The root cause is prototype pollution in the library, impacting all versions prior to 0.0.7. Documented references (GHSA, OSV, Veracode, NVD) indicate high impact with potenti...

9.8CVSS9.2AI score0.01539EPSS

Exploits1References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by