Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2026/05/27 3:20 p.m.9 views

CVE-2026-44483 RVF: Prototype pollution in @rvf/set-get reachable via @rvf/core preprocessFormData (HTTP form data)

RVF formerly Remix Validated Form provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking ...

8.2CVSS5.9AI score0.00271EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/11 4:9 p.m.9 views

@rvf/set-get has a prototype pollution issue that's reachable via @rvf/core preprocessFormData (HTTP form data)

Summary setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking a path. Because field names in submitted form data are passed directly to setPath via preprocessFormData and through...

8.2CVSS6AI score0.00271EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/11 4:9 p.m.6 views

GHSA-C567-44RC-M5HQ @rvf/set-get has a prototype pollution issue that's reachable via @rvf/core preprocessFormData (HTTP form data)

Summary setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking a path. Because field names in submitted form data are passed directly to setPath via preprocessFormData and through...

8.2CVSS6AI score0.00271EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/21 2:35 p.m.16 views

CVE-2021-47351 ubifs: Fix races between xattr_{set|get} and listxattr operations

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix races between xattrset|get and listxattr operations UBIFS may occur some problems with concurrent xattrset|get and listxattr operations, such as assertion failure, memory corruption, stale xattr value1. Fix it by...

6.8AI score0.00236EPSS
Exploits0References5
OSV
OSV
added 2018/02/08 6:29 p.m.3 views

CVE-2017-17413

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupTargetSet Get method requests. The issue...

9.8CVSS6.2AI score
Exploits0References1
Rows per page
Query Builder