Lucene search
K

20 matches found

EUVD
EUVD
added 2 days ago4 views

EUVD-2026-43601

An issue in MikroTIk SIA Mikrotikls, Latvia RouterOS 7.21.x before v.7.21.4 and 7.22.x before v.7.22.2 allows a remote attacker to cause a denial of service via the unflatten function in libumsg.so...

7.5CVSS6.1AI score0.00409EPSS
Exploits0References3
NVD
NVD
added 3 days ago4 views

CVE-2026-39042

An issue in MikroTIk SIA Mikrotikls, Latvia RouterOS 7.21.x before v.7.21.4 and 7.22.x before v.7.22.2 allows a remote attacker to cause a denial of service via the unflatten function in libumsg.so...

7.5CVSS0.00409EPSS
Exploits0References2
CVE
CVE
added 3 days ago7 views

CVE-2026-39042

The CVE-2026-39042 issue affects MikroTik RouterOS, specifically 7.21.x prior to 7.21.4 and 7.22.x prior to 7.22.2. The vulnerability resides in the unflatten() function within libumsg.so, allowing a remote attacker to cause a denial of service. No exploitation details are provided in the documen...

7.5CVSS6.1AI score0.00409EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-39042

An issue in MikroTIk SIA Mikrotikls, Latvia RouterOS 7.21.x before v.7.21.4 and 7.22.x before v.7.22.2 allows a remote attacker to cause a denial of service via the unflatten function in libumsg.so...

0.00409EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/12 2:13 p.m.15 views

devalue has prototype pollution in devalue.parse and devalue.unflatten

In devalue v5.6.3, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service DoS or type confusion...

7.5CVSS5.8AI score0.00373EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/12 11:27 a.m.6 views

CVE-2026-30226

A flaw was found in the Svelte devalue JavaScript library. A remote attacker could exploit a prototype pollution vulnerability by sending maliciously crafted payloads to the devalue.parse or devalue.unflatten functions. Successful exploitation of this flaw could lead to a Denial of Service DoS...

7.5CVSS5.8AI score0.00373EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/11 8:43 p.m.8 views

Prototype Pollution

Overview devalue is a JSON.stringify, but handles cyclical references, repeated references, undefined, regular expressions, dates, Map and Set. Affected versions of this package are vulnerable to Prototype Pollution via the parse or unflatten functions. An attacker can manipulate object prototype...

7.5CVSS6.3AI score0.00373EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/11 5:47 p.m.31 views

CVE-2026-30226 devalue has prototype pollution in devalue.parse and devalue.unflatten

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue v5.6.3 and earlier, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could...

6.3CVSS0.00373EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 5:47 p.m.4 views

CVE-2026-30226

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue v5.6.3 and earlier, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could...

6.3CVSS5.8AI score0.00373EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2023/01/05 8:51 a.m.41 views

Prototype Pollution

flat is vulnerable to prototype pollution. The vulnerability exists in the unflatten function of index.js, due to the improper checks for the key1 variable which allows an attacker to modify object prototype attributes...

9.8CVSS4.9AI score0.01107EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/12/25 9:30 p.m.41 views

GHSA-2J2X-2GPW-G8FM flat vulnerable to Prototype Pollution

flat helps flatten/unflatten nested Javascript objects. A vulnerability, which was classified as critical, was found in hughsk flat up to 5.0.0. This affects the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes...

9.8CVSS5.4AI score0.01107EPSS
Exploits0References12
OSV
OSV
added 2022/12/25 8:15 p.m.14 views

CVE-2020-36632

A vulnerability, which was classified as critical, was found in hughsk flat up to 5.0.0. This affects the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. It is possible to initiate the atta...

9.8CVSS9.6AI score
Exploits0References6
NVD
NVD
added 2022/12/25 8:15 p.m.28 views

CVE-2020-36632

A vulnerability, which was classified as critical, was found in hughsk flat up to 5.0.0. This affects the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. It is possible to initiate the atta...

9.8CVSS0.01107EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2022/12/25 8:15 p.m.31 views

CVE-2020-36632

A vulnerability, which was classified as critical, was found in hughsk flat up to 5.0.0. This affects the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. It is possible to initiate the atta...

9.8CVSS6.5AI score0.01107EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/12/25 7:37 p.m.34 views

CVE-2020-36632 hughsk flat index.js unflatten prototype pollution

A vulnerability, which was classified as critical, was found in hughsk flat up to 5.0.0. This affects the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. It is possible to initiate the atta...

6.3CVSS9.6AI score0.01107EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/12/25 12:0 a.m.6 views

flat 安全漏洞

flat is a library from Hugh Kennedy's personal developer. It is used to take a nested Javascript object and flatten it, or to unflatten the object using the separator key. A security vulnerability exists in versions prior to flat 5.0.1, which stems from a problem with the unflatten function in th...

9.8CVSS6.8AI score0.01107EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/12/25 12:0 a.m.3 views

PT-2022-9026

Name of the Vulnerable Software and Affected Versions hughsk flat versions up to 5.0.0 Description A critical vulnerability was found in hughsk flat, affecting the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes,...

9.8CVSS6.3AI score0.01107EPSS
Exploits0References20
Veracode
Veracode
added 2021/04/27 5:13 a.m.17 views

Prototype Pollution

safe-flat is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as proto, constructor and prototype via the unflatten function...

9.8CVSS4.8AI score0.03337EPSS
Exploits1References2Affected Software1
Huntr
Huntr
added 2020/12/21 12:0 a.m.10 views

Prototype Pollution in bonnevoyager/nested-objects-util

Description nested-objects-util is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var unflatten = require"nested-objects-util" console.log"Before : " + .polluted; unflatten"proto.polluted": "Yes! Its Polluted" console.log"After : " + .polluted; 2...

2.1AI score
Exploits0
Prion
Prion
added 2016/09/11 9:59 p.m.16 views

Integer overflow

Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 29983260...

4.3CVSS6.7AI score0.00454EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder