Lucene search
K

10 matches found

Veracode
Veracode
added 2026/05/05 1:24 p.m.14 views

Prototype Pollution

Axios is vulnerable to Prototype Pollution. The vulnerability is due to direct property access of configuration fields in the HTTP adapter e.g., config.auth, config.baseURL, config.socketPath, config.beforeRedirect, config.insecureHTTPParser without hasOwnProperty checks, allowing polluted...

9.1CVSS5.8AI score0.00549EPSS
Exploits1References10Affected Software1
Exploit DB
Exploit DB
added 2026/04/30 12:0 a.m.72 views

deephas 1.0.7 - Prototype Pollution

Exploit Title: deephas 1.0.7 - Prototype Pollution Google Dork: N/A Date: 2026-02-01 Exploit Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity Vendor Homepage: https://www.npmjs.com/package/deephas Software Link: https://github.com/sharpred/deepHas Version: =...

9.4CVSS5.2AI score0.00717EPSS
Exploits4
Cvelist
Cvelist
added 2026/04/24 4:48 p.m.25 views

CVE-2026-40897 Math.js: Unsafe object property setter in mathjs

Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the math...

8.8CVSS0.00551EPSS
Exploits0References3
OSV
OSV
added 2026/01/29 3:18 p.m.6 views

GHSA-2CP6-34R9-54XX Maker.js has Unsafe Property Copying in makerjs.extendObject

Summary The makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks hasOwnProperty checks and does not filter dangerous keys, allowing inherited properties and potentially malicious...

6.5CVSS5.9AI score0.00879EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/01/28 9:35 p.m.26 views

CVE-2026-24888 Maker.js Vulnerable to Unsafe Property Copying in makerjs.extendObject

Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...

6.5CVSS0.00879EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/28 9:35 p.m.4 views

CVE-2026-24888 Maker.js Vulnerable to Unsafe Property Copying in makerjs.extendObject

Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...

6.5CVSS5.8AI score0.00879EPSS
Exploits1References3
OSV
OSV
added 2026/01/28 9:35 p.m.7 views

CVE-2026-24888 Maker.js Vulnerable to Unsafe Property Copying in makerjs.extendObject

Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...

6.5CVSS5.8AI score0.00879EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/09 9:5 a.m.7 views

CVE-2024-34698

FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...

6.3CVSS6.4AI score0.00461EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2025/06/17 9:7 a.m.5 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

8.8CVSS7.6AI score0.01495EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2020/01/29 12:0 a.m.3 views

PT-2020-15305 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.213 and earlier Jenkins LTS versions 2.204.1 and earlier Description: The issue arises from the improper reuse of encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge...

8.6CVSS8.2AI score0.01012EPSS
Exploits0References14
Rows per page
Query Builder