CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

179 matches found

OSV•added 2022/03/17 12:15 p.m.•9 views

CVE-2022-25352

The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. Note: This vulnerability derives from an incomplete fix for CVE-2020-28283...

9.8CVSS6.7AI score

Exploits0References3

Cvelist•added 2022/03/17 11:20 a.m.•14 views

CVE-2022-25352 Prototype Pollution

The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. Note: This vulnerability derives from an incomplete fix for CVE-2020-28283...

7.5CVSS9.8AI score0.00536EPSS

Exploits1References3

ATTACKERKB•added 2022/03/17 11:16 a.m.•2 views

CVE-2022-25352

The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. Note: This vulnerability derives from an incomplete fix for CVE-2020-28283...

9.8CVSS7.2AI score0.02811EPSS

Exploits2References4

CNNVD•added 2022/03/17 12:0 a.m.•1 views

Dominictarr Libnested 安全漏洞

Dominictarr Libnested is a codebase from the Dominictarr individual developer that provides map, each, get, set, keys functions for basic nested objects. A security vulnerability exists in Dominictarr Libnested, which stems from the set function in index.js being susceptible to prototype...

9.8CVSS8.2AI score0.00536EPSS

Exploits1References4

OSV•added 2022/02/10 8:33 p.m.•21 views

GHSA-6M85-WVCR-PGW3 Prototype Pollution in safetydance

All versions of package safetydance are vulnerable to Prototype Pollution via the set function...

7.3CVSS9.5AI score0.00391EPSS

Exploits1References4

Github Security Blog•added 2022/02/10 8:33 p.m.•29 views

Prototype Pollution in safetydance

All versions of package safetydance are vulnerable to Prototype Pollution via the set function...

9.8CVSS8.9AI score0.00391EPSS

Exploits1References4Affected Software1

Snyk•added 2022/01/27 2:40 p.m.•2 views

Prototype Pollution

Overview sds is a structured data search package. Affected versions of this package are vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. Note: This vulnerability derives fr...

7.5CVSS6.9AI score0.00318EPSS

Exploits2References2

OSV•added 2021/12/24 8:15 p.m.•2 views

CVE-2021-23574

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442...

9.8CVSS7.3AI score

Exploits0References6

CNNVD•added 2021/12/24 12:0 a.m.•1 views

js-data 安全漏洞

js-data is a framework-agnostic, datastore-agnostic ORM for Node.js and browsers. A security vulnerability exists in js-data that stems from packages being susceptible to prototype contamination via the deepFillIn and set functions...

9.8CVSS8.3AI score0.01272EPSS

Exploits1References7

Snyk•added 2021/11/30 12:44 p.m.•3 views

Prototype Pollution

Overview @fabiocaccamo/utils.js is a JavaScript utils for lazy devs. Affected versions of this package are vulnerable to Prototype Pollution via the set and method, which merges the path and value parameters based on the key:value. PoC const utils = require"@fabiocaccamo/utils.js"; const obj = ;...

9.8CVSS8.4AI score0.00184EPSS

Exploits1References2

Snyk•added 2021/09/13 9:47 a.m.•1 views

Prototype Pollution

Overview js-data is a Robust, framework-agnostic in-memory data store. Affected versions of this package are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442. PoC 1 var jsdata = require'js-data'; var obj = ; var payload =...

9.8CVSS9AI score0.01272EPSS

Exploits2References2

Veracode•added 2021/09/07 12:52 a.m.•14 views

Prototype Pollution

objection is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as proto, constructor and prototype via the set and zipObject function...

9.8CVSS4.6AI score0.00359EPSS

Exploits1References3Affected Software1

OSV•added 2021/09/01 6:36 p.m.•1 views

GHSA-F9CV-665R-275H Prototype Pollution in merge-change

All current versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function...

9.8CVSS7.2AI score0.0053EPSS

Exploits1References4

CNNVD•added 2021/08/30 12:0 a.m.•2 views

total.js 代码注入漏洞

total.js is open source a framework developed using JavaScript for the Node.js platform. It can be used to develop web, desktop, service and IoT platforms. Total.js suffers from a code injection vulnerability that stems from a call to the utils.set function with a user-controlled value in the...

7.5CVSS7.5AI score0.00871EPSS

Exploits1References4

ATTACKERKB•added 2021/08/11 5:25 p.m.•2 views

CVE-2021-23421

All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function...

9.8CVSS5.3AI score0.0053EPSS

Exploits1References3

CNNVD•added 2021/06/02 12:0 a.m.•1 views

FFmpeg 安全漏洞

FFmpeg is a complete solution for recording, converting and streaming audio and video. A security vulnerability exists in FFmpeg due to a memory leak in the av dictionary set function in dict.c. An attacker could use this vulnerability to conduct a denial-of-service attack. The vulnerability can ...

6.5CVSS5.7AI score0.01553EPSS

Exploits1References8

CNNVD•added 2021/06/02 12:0 a.m.•1 views

FFmpeg 安全漏洞

6.5CVSS5.7AI score0.00437EPSS

Exploits1References1

Github Security Blog•added 2021/05/10 6:37 p.m.•34 views

Prototype Pollution in bmoor

The package bmoor before 0.8.12 are vulnerable to Prototype Pollution via the set function...

9.8CVSS8.9AI score0.00849EPSS

Exploits1References5Affected Software1

OSV•added 2021/05/10 6:37 p.m.•15 views