Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2026/04/08 7:39 p.m.2 views

CVE-2026-39412 LiquidJS has an ownPropertyOnly bypass via sort_natural filter — prototype property information disclosure through sorting side-channel

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4, the sortnatural filter bypasses the ownPropertyOnly security option, allowing template authors to extract values of prototype-inherited properties through a sorting side-channel attack...

5.3CVSS5.9AI score0.00403EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31351

Summary The sort natural filter bypasses the ownPropertyOnly security option, allowing template authors to extract values of prototype-inherited properties through a sorting side-channel attack. Applications relying on ownPropertyOnly: true as a security boundary e.g., multi-tenant template syste...

5.3CVSS5.9AI score0.00403EPSS
Exploits1References6
OSV
OSV
added 2024/04/03 5:15 p.m.4 views

CVE-2024-20302

A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator NDO could allow an authenticated, remote attacker to modify or delete tenant templates on an affected system. This vulnerability is due to improper access controls within tenant security. An attacker who i...

4.3CVSS5.9AI score0.00383EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/03 4:21 p.m.15 views

CVE-2024-20302

A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator NDO could allow an authenticated, remote attacker to modify or delete tenant templates on an affected system. This vulnerability is due to improper access controls within tenant security. An attacker who i...

5.4CVSS7.3AI score0.00383EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/03 12:0 a.m.13 views

PT-2024-3820 · Cisco · Cisco Nexus Dashboard Orchestrator

Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard Orchestrator affected versions not specified Description: A vulnerability in the tenant security implementation could allow an authenticated, remote attacker to modify or delete tenant templates on an affected system. Th...

5.5CVSS7AI score0.00383EPSS
Exploits0References4
Rows per page
Query Builder