3 matches found
CVE-2025-3193
Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...
PT-2025-39711
Name of the Vulnerable Software and Affected Versions algoliasearch-helper versions 2.0.0-rc1 through 3.11.2 Description The package contains a Prototype Pollution issue in the merge function within the merge.js file. This allows modification of the constructor.prototype, potentially leading to...
CVE-2024-43018
Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters maxlevel and minregister. These parameters are used in wsusergerList function from file include\wsfunctions\pwg.users.php and this same function is called by ws.php file at some point can be used for searching users in...