358 matches found
redux-queue-offline (=0.4.1) potentially affected by CVE-2025-13465 +1 more via lodash.unset (=4.0.2)
lodash.unset NPM version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on lodash.unset and may be impacted: - redux-queue-offline =0.4.1 Source cves: CVE-2025-13465, CVE-2026-2950 Source advisory: SNYK:JS-LODASHUNSET-15869620...
Prototype Pollution
Overview lodash.unset is a The lodash method .unset exported as a module. Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete properties from built-in prototypes by supplying array-wrapped path segments, potentially...
Prototype Pollution
Overview Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete properties from built-in prototypes by supplying array-wrapped path segments, potentially impacting application behaviour. Notes: 1 Version 4.18.0 was intend...
Prototype Pollution
Overview Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete properties from built-in prototypes by supplying array-wrapped path segments, potentially impacting application behaviour. Notes: 1 Version 4.18.0 was intend...
Prototype Pollution
Overview lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete properties from built-in prototypes by supplying array-wrapped pa...
CVE-2026-2950
Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...
DEBIAN-CVE-2026-2950
Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...
UBUNTU-CVE-2026-2950
Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...
CVE-2026-2950
Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...
CVE-2026-2950 lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`
Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...
CVE-2026-2950
Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...
CVE-2026-2950 lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`
Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...
CVE-2026-2950
CVE-2026-2950 affects lodash ≤ 4.17.23, enabling prototype pollution via array-wrapped path segments in _.unset and _.omit. The attack can delete properties from built-in prototypes (Object.prototype, Number.prototype, String.prototype) without overwriting behavior. The issue is patched in lodash...
CVE-2026-2950
Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...
PT-2026-29328
Name of the Vulnerable Software and Affected Versions Lodash versions prior to 4.18.0 Description Lodash versions 4.17.23 and earlier are susceptible to prototype pollution through the .unset and .omit functions. The initial fix did not fully address the issue, as an attacker can bypass the check...
lodash 安全漏洞
lodash is an open-source JavaScript utility library developed by Lodash Utilities. Lodash versions 4.17.23 and earlier contained security vulnerabilities. These vulnerabilities stemmed from prototype pollution in the .unset and .omit functions, which could lead to the deletion of properties that...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2026-1491)
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1491 advisory. In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: fix ofiomap memory leak CVE-2023-53424 In the Linux kernel, the following vulnerability has been resolved:...
CVE-2026-27522
OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user...
CVE-2026-4389
The CVE-2026-4389 entry concerns the DSGVO snippet for the Leaflet Map and its Extensions WordPress plugin. Affected: Leaflet Map and Extensions, all versions up to 3.1. Issue: Stored Cross-Site Scripting via the leafext-cookie-time and leafext-delete-cookie shortcodes due to insufficient input s...
CVE-2026-27522
OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user...