JLSEC-2026-498

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...

PT-2026-31620

Name of the Vulnerable Software and Affected Versions LIBPNG versions 1.0.9 through 1.6.56 Description LIBPNG is a library used by applications to read, create, and manipulate PNG image files. A flaw exists where passing a pointer obtained from png get PLTE, png get tRNS, or png get hIST back int...

app-state (>=0.3.0 <=2.0.1), grasshopper-framework (=0.0.0-alpha.5) +3 more potentially affected by unknown CVE via get-setter (=0.0.0)

get-setter NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on get-setter and may be impacted: - app-state =0.3.0, =0.0.0, =0.0.1 - immutable-model-object =0.0.0 - model-object =0.0.0 Source cves: unknown CVE Source advisory:...

Prototype Pollution

Overview safe-object2 is a Secure operation object get/set Affected versions of this package are vulnerable to Prototype Pollution via the setter function. POC const safeObj2 = require""safe-object2""; const obj = safeObj2; obj.setter'proto', 'polluted', true console.logpolluted; // true Details...