CVE-2026-15698
CVE-2026-15698 affects kofrasa mingo up to 7.2.1. The vulnerability lies in the Update API’s functions update/updateOne/updateMany, where manipulating the Set argument can lead to prototype pollution of object attributes. The issue is exploitable remotely, and a fix is available in version 7.2.2 ...