Lucene search
K

76 matches found

EUVD
EUVD
added 2 days ago4 views

EUVD-2026-43601

An issue in MikroTIk SIA Mikrotikls, Latvia RouterOS 7.21.x before v.7.21.4 and 7.22.x before v.7.22.2 allows a remote attacker to cause a denial of service via the unflatten function in libumsg.so...

7.5CVSS6.1AI score0.00409EPSS
Exploits0References3
NVD
NVD
added 3 days ago4 views

CVE-2026-39042

An issue in MikroTIk SIA Mikrotikls, Latvia RouterOS 7.21.x before v.7.21.4 and 7.22.x before v.7.22.2 allows a remote attacker to cause a denial of service via the unflatten function in libumsg.so...

7.5CVSS0.00409EPSS
Exploits0References2
CVE
CVE
added 3 days ago7 views

CVE-2026-39042

The CVE-2026-39042 issue affects MikroTik RouterOS, specifically 7.21.x prior to 7.21.4 and 7.22.x prior to 7.22.2. The vulnerability resides in the unflatten() function within libumsg.so, allowing a remote attacker to cause a denial of service. No exploitation details are provided in the documen...

7.5CVSS6.1AI score0.00409EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-39042

An issue in MikroTIk SIA Mikrotikls, Latvia RouterOS 7.21.x before v.7.21.4 and 7.22.x before v.7.22.2 allows a remote attacker to cause a denial of service via the unflatten function in libumsg.so...

0.00409EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: The issue in fdt: fix off-by-one error in unflattendtnodes Commit 78c44d910d3e “drivers/of: Fix depth when unflattening devicetree” forgot to fix the depth check within the loop body of unflattendtnodes. This could lead to an...

7.8CVSS6.2AI score0.00248EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/13 12:23 a.m.6 views

SUSE CVE-2026-30226

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue v5.6.3 and earlier, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could...

7.5CVSS5.8AI score0.00373EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/12 2:13 p.m.14 views

devalue has prototype pollution in devalue.parse and devalue.unflatten

In devalue v5.6.3, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service DoS or type confusion...

7.5CVSS5.8AI score0.00373EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/12 2:13 p.m.3 views

GHSA-CFW5-2VXH-HR84 devalue has prototype pollution in devalue.parse and devalue.unflatten

In devalue v5.6.3, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service DoS or type confusion...

6.3CVSS5.9AI score0.00373EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/12 11:27 a.m.6 views

CVE-2026-30226

A flaw was found in the Svelte devalue JavaScript library. A remote attacker could exploit a prototype pollution vulnerability by sending maliciously crafted payloads to the devalue.parse or devalue.unflatten functions. Successful exploitation of this flaw could lead to a Denial of Service DoS...

7.5CVSS5.8AI score0.00373EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/11 8:43 p.m.8 views

Prototype Pollution

Overview devalue is a JSON.stringify, but handles cyclical references, repeated references, undefined, regular expressions, dates, Map and Set. Affected versions of this package are vulnerable to Prototype Pollution via the parse or unflatten functions. An attacker can manipulate object prototype...

7.5CVSS6.3AI score0.00373EPSS
Exploits0References2
NVD
NVD
added 2026/03/11 6:16 p.m.5 views

CVE-2026-30226

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue v5.6.3 and earlier, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could...

7.5CVSS0.00373EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/11 5:47 p.m.31 views

CVE-2026-30226 devalue has prototype pollution in devalue.parse and devalue.unflatten

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue v5.6.3 and earlier, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could...

6.3CVSS0.00373EPSS
Exploits0References1
CVE
CVE
added 2026/03/11 5:47 p.m.19 views

CVE-2026-30226

The CVE relates to the Svelte devalue JavaScript library. Affected versions are 5.6.3 and earlier, where devalue.parse and devalue.unflatten are vulnerable to prototype pollution via malicious payloads. Exploitation can cause Denial of Service (DoS) or type confusion. The issue is mitigated by up...

7.5CVSS5.8AI score0.00373EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/11 5:47 p.m.5 views

CVE-2026-30226 devalue has prototype pollution in devalue.parse and devalue.unflatten

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue v5.6.3 and earlier, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could...

6.3CVSS5.8AI score0.00373EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/11 5:47 p.m.4 views

CVE-2026-30226

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue v5.6.3 and earlier, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could...

6.3CVSS5.8AI score0.00373EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/11 5:47 p.m.1 views

CVE-2026-30226 devalue has prototype pollution in devalue.parse and devalue.unflatten

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue v5.6.3 and earlier, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could...

6.3CVSS5.8AI score0.00373EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.8 views

devalue 安全漏洞

devalue is an enhanced JavaScript object serialization library developed by Svelte. Versions of devalue 5.6.3 and earlier contained a security vulnerability. This vulnerability stemmed from the susceptibility of devalue.parse and devalue.unflatten to prototype pollution attacks involving speciall...

7.5CVSS5.8AI score0.00373EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004198)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004198 advisory. A memory leak in the unittestdataadd function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service memory...

7.8CVSS6.9AI score0.03551EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003665)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003665 advisory. A memory leak in the unittestdataadd function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service memory...

7.8CVSS6.9AI score0.03551EPSS
Exploits0References7
EUVD
EUVD
added 2025/11/24 10:33 p.m.2 views

EUVD-2025-199215

Malicious code in flatten-unflatten npm...

6.6AI score
Exploits0References1
Rows per page
Query Builder