42 matches found
CVE-2026-12208
A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...
EUVD-2026-36683
A security vulnerability has been detected in RubyLouvre avalon up to 2.2.10. The impacted element is an unknown function of the file src/filters/index.js of the component Template Filter Handler. Such manipulation leads to improperly controlled modification of object prototype attributes. It is...
PT-2026-49171
A security vulnerability has been detected in RubyLouvre avalon up to 2.2.10. The impacted element is an unknown function of the file src/filters/index.js of the component Template Filter Handler. Such manipulation leads to improperly controlled modification of object prototype attributes. It is...
PT-2026-49170
A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...
Astra Linux - vulnerability in node-json-schema
JSON-schema is vulnerable to improperly controlled modification of object prototype attributes known as “Prototype Pollution”...
CVE-2026-6594
A vulnerability identified as CVE-2026-6594 affects brikcss merge up to version 1.3.0. The issue enables prototype pollution by manipulating __proto__/constructor.prototype/prototype, with remote exploitation possible. Product/vendor details beyond brikcss merge are not provided in the connected doc...
EUVD-2026-12432
A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been made public...
PT-2026-21488
Name of the Vulnerable Software and Affected Versions: higuma web-audio-recorder-js versions 0.1 and 0.1.1. Description: A flaw exists in the extend function within the lib/WebAudioRecorder.js library, specifically in the Dynamic Config Handling component. This allows for improper modification of...
EUVD-2021-2106
Malware in sbrugna...
Cross-site Scripting (XSS)
Linkify is vulnerable to Cross-site Scripting (XSS). The vulnerability stems from improperly controlled modification of object prototype attributes caused by insufficient validation of user-controlled input, which can lead to XSS and manipulation of application variables...
The vulnerabilities of Machine Learning functions and the Reporting service of the Kibana data visualization platform allow a hacker to execute arbitrary code.
The vulnerability of Machine Learning and Reporting services in the Kibana data visualization platform lies in the lack of a mechanism for controlling changes to object prototypes’ attributes. Exploiting this vulnerability could allow an attacker to execute arbitrary code by sending specially...
The vulnerability of Backstage’s portal-building platform lies in its uncontrolled modification of object prototype attributes, allowing attackers to trigger service failures.
The vulnerability of the Backstage developer portal-building platform lies in the uncontrolled modification of object prototype attributes. Exploiting this vulnerability allows a malicious actor, operating remotely, to cause service failures by sending a specially crafted API request...
The vulnerability of Mozilla Convict’s library involves uncontrolled changes to object prototype attributes, allowing attackers to execute arbitrary code.
The vulnerability of the Mozilla Convict library is related to uncontrolled changes to object prototype attributes. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the nestTables function in the SAP HANA Client database connectivity software allows a perpetrator to cause a service failure.
The vulnerability of the nestTables function in the SAP HANA Client database connectivity software is related to uncontrolled changes in object prototype attributes. Exploiting this vulnerability could allow an attacker to cause service failures remotely...
The vulnerability of the JSONata data transformation software lies in the uncontrolled modification of prototype attributes, allowing attackers to execute arbitrary code or cause service failures.
The vulnerability of the JSONata data transformation software is related to uncontrolled changes to object prototype attributes. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service failures...
The vulnerability of the dot-diver library lies in the uncontrolled modification of object prototype attributes, allowing attackers to execute arbitrary code.
The vulnerability of the dot-diver library is related to uncontrolled changes to the attributes of the object’s prototype. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the QTS and QuTS operating systems and QNAP network devices lies in the uncontrolled modification of prototype attributes of objects, allowing attackers to trigger service failures.
The vulnerability of the QTS and QuTS operating systems and QNAP network devices is related to uncontrolled changes in the attributes of the prototype object. Exploiting this vulnerability allows a malicious actor to cause service failures by transmitting specially created data...
The vulnerability of the parse method in the json5 library from the NPM package manager allows a hacker to trigger a service failure.
The vulnerability of the parse method in the json5 library from the NPM package manager is related to uncontrolled changes to prototype attributes of objects. Exploiting this vulnerability could allow a malicious actor to cause service failures...
convict security vulnerability
convict is a featured configuration management library for Node.js. A security vulnerability exists in convict, which stems from improperly controlled modifications to object prototype attributes...
CVE-2021-4278 cronvel tree-kit prototype pollution
A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. Upgrading to version 0.7.0 is able to address this issue. The...