Lucene search
K

28 matches found

CVE
CVE
added 2026/03/06 6:25 p.m.261 views

CVE-2026-29063

CVE-2026-29063 affects Immutable.js, where prototype pollution is possible via mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs in versions prior to 3.8.3, 4.3.7, and 5.1.5. IBM security bulletins corroborate the issue and list affected IBM products (e.g., Cloud Pak for ...

9.8CVSS5.7AI score0.00978EPSS
Exploits1References59Affected Software1
Cvelist
Cvelist
added 2026/03/06 6:25 p.m.28 views

CVE-2026-29063 Immutable.js: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5...

8.7CVSS0.00978EPSS
Exploits1References4
OSV
OSV
added 2026/03/06 6:25 p.m.4 views

CVE-2026-29063 Immutable.js: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5...

8.7CVSS5.7AI score0.00978EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/03/04 9:28 p.m.57 views

Immutable is vulnerable to Prototype Pollution

Impact What kind of vulnerability is it? Who is impacted? A Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. Affected APIs | API | Notes | | --------------------------------------- |...

9.8CVSS5.8AI score0.00978EPSS
Exploits1References10Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-16062

Malware in sbrugna...

9.8CVSS9.5AI score0.02232EPSS
Exploits2References2
SUSE CVE
SUSE CVE
added 2025/06/06 2:14 a.m.3 views

SUSE CVE-2025-48934

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the Deno.env.toObject method ignores any variables listed in the --deny-env option of the deno run command. When looking at the documentation of the --deny-env option this might lead to a false...

6.9CVSS7AI score0.00359EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/06/04 8:15 p.m.2 views

CVE-2025-48934

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the Deno.env.toObject method ignores any variables listed in the --deny-env option of the deno run command. When looking at the documentation of the --deny-env option this might lead to a false...

6.9CVSS7.3AI score0.00359EPSS
Exploits1References6
Cvelist
Cvelist
added 2019/01/22 2:0 p.m.24 views

CVE-2019-6503

There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method...

9.6AI score0.02232EPSS
Exploits2References1
Rows per page
Query Builder