Lucene search
K

420 matches found

Github Security Blog
Github Security Blog
added 2026/01/08 8:42 p.m.25 views

React Router has XSS Vulnerability

A XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag. !NOTE This does not impact applications using Declarative Mode or Data Mod...

7.6CVSS6.5AI score0.00448EPSS
Exploits0References3Affected Software2
Veracode
Veracode
added 2025/12/15 4:44 p.m.7 views

Prototype Pollution

Vuetify is vulnerable to Prototype Pollution. The vulnerability is due to the internal mergeDeep utility merging user-supplied preset objects without proper safeguards, which allows an attacker to supply a crafted preset to pollute JavaScript object prototypes and potentially cause denial of...

8.6CVSS7AI score0.00281EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/12/12 9:31 p.m.4 views

EUVD-2025-203121

Vuetify has a Prototype Pollution vulnerability...

8.6CVSS6.5AI score0.00281EPSS
Exploits0References4
OSV
OSV
added 2025/12/12 9:31 p.m.0 views

GHSA-3JP5-5F8R-Q2WG Vuetify has a Prototype Pollution vulnerability

The Preset configuration feature of Vuetify is vulnerable to Prototype Pollution due to the internal 'mergeDeep' utility function used to merge options with defaults. Using a specially-crafted, malicious preset can result in polluting all JavaScript objects with arbitrary properties, which can...

8.6CVSS6.6AI score0.00281EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/12 9:31 p.m.8 views

Vuetify has a Prototype Pollution vulnerability

The Preset configuration feature of Vuetify is vulnerable to Prototype Pollution due to the internal 'mergeDeep' utility function used to merge options with defaults. Using a specially-crafted, malicious preset can result in polluting all JavaScript objects with arbitrary properties, which can...

8.6CVSS6.8AI score0.00281EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/12/12 8:15 p.m.5 views

CVE-2025-8083

The Preset configuration https://v2.vuetifyjs.com/en/features/presets feature of Vuetify is vulnerable to Prototype Pollution https://cheatsheetseries.owasp.org/cheatsheets/PrototypePollutionPreventionCheatSheet.html due to the internal 'mergeDeep' utility function used to merge options with...

8.6CVSS0.00281EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/12 7:45 p.m.5 views

Prototype Pollution

Overview org.webjars.npm:vuetify is an a Material Design component framework for Vue.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeDeep function used to merge preset options with defaults. An attacker can inject arbitrary properties into all JavaScript...

8.8CVSS6.7AI score0.00281EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/12 7:45 p.m.6 views

Prototype Pollution

Overview vuetify is an a Material Design component framework for Vue.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeDeep function used to merge preset options with defaults. An attacker can inject arbitrary properties into all JavaScript objects by...

8.8CVSS7.9AI score0.00281EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/12 7:29 p.m.20 views

CVE-2025-8083 Vuetify Prototype Pollution via Preset options

The Preset configuration https://v2.vuetifyjs.com/en/features/presets feature of Vuetify is vulnerable to Prototype Pollution https://cheatsheetseries.owasp.org/cheatsheets/PrototypePollutionPreventionCheatSheet.html due to the internal 'mergeDeep' utility function used to merge options with...

8.6CVSS0.00281EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/12 7:29 p.m.3 views

CVE-2025-8083 Vuetify Prototype Pollution via Preset options

The Preset configuration https://v2.vuetifyjs.com/en/features/presets feature of Vuetify is vulnerable to Prototype Pollution https://cheatsheetseries.owasp.org/cheatsheets/PrototypePollutionPreventionCheatSheet.html due to the internal 'mergeDeep' utility function used to merge options with...

8.6CVSS6.4AI score0.00281EPSS
Exploits0References2
CVE
CVE
added 2025/12/12 7:29 p.m.10 views

CVE-2025-8083

Vuetify CVE-2025-8083 is a Prototype Pollution flaw in the Preset configuration feature via internal mergeDeep when merging malicious presets. Affected: Vuetify >=2.2.0-beta.2 and

8.6CVSS6.4AI score0.00281EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.3 views

PT-2025-50969

Name of the Vulnerable Software and Affected Versions Vuetify versions 2.2.0-beta.2 through 3.0.0-alpha.10 Description The Preset configuration feature of Vuetify is susceptible to Prototype Pollution due to the 'mergeDeep' utility function used for merging options with defaults. A malicious pres...

8.6CVSS6.8AI score0.00281EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2025/12/08 8:42 a.m.155 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Proof-of-Concept This repository contains a Pr...

10CVSS7.7AI score0.99562EPSS
Exploits372
Veracode
Veracode
added 2025/10/17 8:14 p.m.10 views

Race Condition

@angular/platform-server, @angular/ssr and @nguniversal/common are vulnerable to Race Condition. The vulnerability is due to the platform injector being stored as a module-scoped global variable during server-side rendering, which allows concurrent requests to overwrite or access each other’s...

7.1CVSS6.8AI score0.00326EPSS
Exploits1References4Affected Software3
RedhatCVE
RedhatCVE
added 2025/10/17 7:46 p.m.8 views

CVE-2025-62427

The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr before 19.2.18, 20.3.6, and 21.0.0-next.8. The function createRequestU...

8.7CVSS7AI score0.00397EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2025/10/16 9:28 p.m.3 views

@dl3g0/primeng (=17.17.0-20.0.3), @hmcts/ccd-case-ui-toolkit (>=7.3.49-4369 <=7.3.51) +15 more potentially affected by CVE-2025-62427 via @angular/ssr (>=20.3.18 <=20.3.26)

@angular/ssr NPM version =20.3.18, =7.3.49-4369, =4.2.4-exui-3994-f, =0.0.4, =0.3.0, =20.0.0, =0.0.0, =1.0.2, =0.0.0, =0.1.0, =0.0.8, =0.0.12 and more Source cves: CVE-2025-62427 Source advisory: OSV:GHSA-Q63Q-PGMF-MXHR...

8.7CVSS7.4AI score0.00397EPSS
Exploits1
EUVD
EUVD
added 2025/10/16 9:28 p.m.9 views

EUVD-2025-34823

Angular SSR has a Server-Side Request Forgery SSRF flaw...

8.7CVSS6.5AI score0.00397EPSS
Exploits1References3
Snyk
Snyk
added 2025/10/16 7:42 p.m.8 views

Server-side Request Forgery (SSRF)

Overview @angular/ssr is a the Angular server side rendering utilities. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the createRequestUrl function. An attacker can cause the server to make arbitrary HTTP requests to external domains by supplying a...

8.7CVSS7.1AI score0.00397EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/10/16 6:50 p.m.19 views

CVE-2025-62427 Server-Side Request Forgery (SSRF) in Angular SSR

The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr before 19.2.18, 20.3.6, and 21.0.0-next.8. The function createRequestU...

8.7CVSS0.00397EPSS
Exploits1References2
CVE
CVE
added 2025/10/16 6:50 p.m.27 views

CVE-2025-62427

CVE-2025-62427 describes a Server-Side Request Forgery in Angular SSR. The vulnerability arises in the @angular/ssr package where createRequestUrl uses the native URL constructor; if an incoming request path starts with // or \, the URL becomes schema-relative, causing the attacker-controlled hos...

8.7CVSS6.6AI score0.00397EPSS
Exploits1References2
Rows per page
Query Builder