356 matches found
Use of a Broken or Risky Cryptographic Algorithm
Overview: flowise-components is a Flowiseai Components. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the process that handles JWT secret assignment. An attacker can gain unauthorized access and impersonate any user, including administrators...
Prototype Pollution
Lodash is vulnerable to Prototype Pollution. The vulnerability is due to incomplete validation of path segments in the `_.unset` and `_.omit` functions, which allows an attacker to bypass checks using array-wrapped inputs and delete properties from built-in prototypes...
PT-2026-32381
A Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system, v8.3.0 up to and including v8.3.1, allows an authenticated attacker with the lowest privileges, sufficient only to log in, to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is execut...
SUSE CVE-2026-40223
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...
EUVD-2026-21394
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...
CVE-2026-40223
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...
CVE-2026-40223
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...
UBUNTU-CVE-2026-40223
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...
CVE-2026-40223
Affected software: systemd, versions 258 prior to 260. Vulnerability: local unprivileged user can trigger an assertion if a Delegate=yes and User= unit exists and is running. Root cause: assertion path in systemd when the unit condition is met. Impact: results in an assertion (denial of service v...
CVE-2026-40223
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...
CVE-2026-40223
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...
systemd Security Vulnerability
Systemd is a Linux-based system and service manager developed by Lennart Poettering of Germany. This product is compatible with SysV and LSB startup scripts, and it provides a framework for representing dependencies between system services. Prior to version 260, there were security vulnerabilitie...
PT-2026-31932
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...
Linux Distros Unpatched Vulnerability : CVE-2026-2950
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. The fix for CVE-2025-13465:...
EUVD-2026-17591
lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`...
GHSA-F23M-R3PF-42RH lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`
Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. The fix for CVE-2025-13465 only guards against string key members, so an attacker can bypass the check by passing array-wrapped path segments. This allows deletion of properties fro...
lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`
Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. The fix for CVE-2025-13465 only guards against string key members, so an attacker can bypass the check by passing array-wrapped path segments. This allows deletion of properties fro...
redux-queue-offline (=0.4.1) potentially affected by CVE-2026-2950 via lodash.unset (=4.0.2)
lodash.unset NPM version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on lodash.unset and may be impacted: - redux-queue-offline =0.4.1 Source CVEs: CVE-2026-2950 Source advisory: OSV:GHSA-F23M-R3PF-42RH...
Prototype Pollution
Overview: lodash-amd is a Lodash exported as AMD modules. Affected versions of this package are vulnerable to Prototype Pollution via the `_.unset` and `_.omit` functions. An attacker can delete properties from built-in prototypes by supplying array-wrapped path segments, potentially impacting applicati...
Prototype Pollution
Overview: org.webjars.npm:lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Prototype Pollution via the `_.unset` and `_.omit` functions. An attacker can delete properties from built-in prototypes by supplying...