Lucene search
K

127 matches found

Github Security Blog
Github Security Blog
added 2026/04/16 10:38 p.m.9 views

Unsafe object property setter in mathjs

Impact This security vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser. Patches The issue was introduced in mathjs v13.1.1, an...

8.8CVSS5.9AI score0.00551EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/13 11:26 p.m.9 views

SUSE CVE-2026-34757

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...

5.1CVSS6AI score0.00195EPSS
Exploits1References13
OSV
OSV
added 2026/04/09 3:16 p.m.2 views

DEBIAN-CVE-2026-34757

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...

4.4CVSS5.5AI score0.00195EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.6 views

PT-2026-31620

Name of the Vulnerable Software and Affected Versions LIBPNG versions 1.0.9 through 1.6.56 Description LIBPNG is a library used by applications to read, create, and manipulate PNG image files. A flaw exists where passing a pointer obtained from png get PLTE, png get tRNS, or png get hIST back int...

7.5CVSS6AI score0.0064EPSS
Exploits2References85
OSV
OSV
added 2026/04/04 6:17 a.m.4 views

GHSA-737V-MQG7-C878 defu: Prototype pollution via `__proto__` key in defaults argument

Impact Applications that pass unsanitized user input e.g. parsed JSON request bodies, database records, or config files from untrusted sources as the first argument to defu are vulnerable to prototype pollution. A crafted payload containing a proto key can override intended default values in the...

7.5CVSS5.9AI score0.00398EPSS
Exploits0References6
Snyk
Snyk
added 2026/03/29 3:17 p.m.10 views

Prototype Pollution

Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Prototype Pollution in the protoAccessControl function. An attacker can gain unauthorized access to prototype methods by referencing lookupSetter in templates through...

6.3CVSS6.5AI score
Exploits0References2
Snyk
Snyk
added 2026/03/29 3:17 p.m.7 views

Prototype Pollution

Overview org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Prototype Pollution in the protoAccessControl function. An attacker can gain unauthorized access to prototype methods by referencing lookupSetter in templat...

6.3CVSS6.3AI score
Exploits0References2
OSV
OSV
added 2026/03/29 3:17 p.m.3 views

GHSA-7RX3-28CR-V5WH Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry

Summary The prototype method blocklist in lib/handlebars/internal/proto-access.js blocks constructor, defineGetter, defineSetter, and lookupGetter, but omits the symmetric lookupSetter. This omission is only exploitable when the non-default runtime option allowProtoMethodsByDefault: true is...

4.8CVSS5.9AI score0.04506EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/29 3:17 p.m.12 views

Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry

Summary The prototype method blocklist in lib/handlebars/internal/proto-access.js blocks constructor, defineGetter, defineSetter, and lookupGetter, but omits the symmetric lookupSetter. This omission is only exploitable when the non-default runtime option allowProtoMethodsByDefault: true is...

9.8CVSS5.9AI score0.04506EPSS
Exploits1References4Affected Software1
UbuntuCve
UbuntuCve
added 2025/12/24 1:15 p.m.5 views

CVE-2022-50731

In the Linux kernel, the following vulnerability has been resolved: crypto: akcipher - default implementation for setting a private key Changes from v1: removed the default implementation from setpubkey: it is assumed that an implementation must always have this callback defined as there are no u...

5.9AI score0.00211EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-1122

Malware in sbrugna...

9.8CVSS9.3AI score0.01916EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/10/06 12:0 a.m.12 views

CVE-2025-57247

The BATBToken smart contract address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, Compiler Version v0.8.26+commit.8a97fa7a contains incorrect access control implementation in whitelist management functions. The setColdWhiteList and setSpecialAddress functions in the base ERC20 contract are declare...

0.00334EPSS
Exploits0References2
OSV
OSV
added 2025/08/28 7:15 p.m.6 views

CVE-2025-9580

A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/setblacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been...

8.8CVSS5.6AI score0.06729EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/11/29 6:36 p.m.23 views

CVE-2024-52810 Prototype Pollution in @intlify/shared >=9.7.0 <= 10.0.4

@intlify/shared is a shared library for the intlify project. The latest version of @intlify/shared 10.0.4 is vulnerable to Prototype Pollution through the entry functions lib.deepCopy. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the globa...

6.9CVSS7.8AI score0.00735EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/02/13 12:0 a.m.5 views

The vulnerability in the implementation of the HCI driver for Bluetooth on Linux operating systems allows a hacker to cause a service failure.

The vulnerability in the implementation of the HCI driver Bluetooth kernel for the Linux operating system is related to the assignment of a zero pointer in the functions min,maxkeysizeset in the net/bluetooth/hcidebugfs.c module. Exploiting this vulnerability could allow a malicious actor to caus...

5.3CVSS6.5AI score0.00805EPSS
Exploits0References17Affected Software2
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.9 views

Bidders can bid at previous auction reserve price by frontrunning the setter transactions

Lines of code Vulnerability details Impact The AuctionHouse.settleCurrentAndCreateNewAuction can frontrun the setter functions such as setCreatorRateBps, setMinCreatorRateBps, setEntropyRateBps, setTimeBuffer, setMinBidIncrementPercentage & setReservePrice. As soon as the current auction ends, an...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/28 12:0 a.m.8 views

Upgraded Q -> 2 from #523 [1677626174331]

Judge has assessed an item in Issue 523 as 2 risk. The relevant finding follows: Title Add function for feeRecipient change in MultiRewardEscrow.sol contract Links to affected code Vulnerability details Impact If account feeRecipient would be compromised, or the protocol owner wants from some oth...

7.1AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.3 views

SUSE CVE-2009-2469

Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an defineSetter function, which allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via a crafted documen...

10CVSS8.8AI score0.05557EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:30 a.m.5 views

SUSE CVE-2014-1713

Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have...

7.5CVSS9.6AI score0.02272EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:17 a.m.7 views

SUSE CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...

8.8CVSS8.9AI score0.70226EPSS
Exploits8References13
Rows per page
Query Builder