10 matches found
Prototype Pollution
Axios is vulnerable to Prototype Pollution. The vulnerability is due to direct property access of configuration fields in the HTTP adapter e.g., config.auth, config.baseURL, config.socketPath, config.beforeRedirect, config.insecureHTTPParser without hasOwnProperty checks, allowing polluted...
deephas 1.0.7 - Prototype Pollution
Exploit Title: deephas 1.0.7 - Prototype Pollution Google Dork: N/A Date: 2026-02-01 Exploit Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity Vendor Homepage: https://www.npmjs.com/package/deephas Software Link: https://github.com/sharpred/deepHas Version: =...
CVE-2026-40897 Math.js: Unsafe object property setter in mathjs
Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the math...
GHSA-2CP6-34R9-54XX Maker.js has Unsafe Property Copying in makerjs.extendObject
Summary The makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks hasOwnProperty checks and does not filter dangerous keys, allowing inherited properties and potentially malicious...
CVE-2026-24888 Maker.js Vulnerable to Unsafe Property Copying in makerjs.extendObject
Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...
CVE-2026-24888 Maker.js Vulnerable to Unsafe Property Copying in makerjs.extendObject
Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...
CVE-2026-24888 Maker.js Vulnerable to Unsafe Property Copying in makerjs.extendObject
Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...
CVE-2024-34698
FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...
PT-2020-15305 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.213 and earlier Jenkins LTS versions 2.204.1 and earlier Description: The issue arises from the improper reuse of encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge...