7 matches found
CVE-2026-33993
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.25, the unserialize function in locutus/php/var/unserialize assigns deserialized keys to plain objects via bracket notation without filtering the proto key. When a PHP serialized...
CVE-2026-33994
Locutus (npm) in parse_str.js is affected by a prototype-pollution vulnerability in versions 2.0.39 through 3.0.24, due to an incomplete fix for CVE-2026-25521. The attack can pollute Object.prototype by overriding RegExp.prototype.test and supplying a crafted query string, bypassing the guard th...
CVE-2026-33994 Locutus Prototype Pollution due to incomplete fix for CVE-2026-25521
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, a prototype pollution vulnerability exists in the parsestr function of the npm package locutus. An attacker can pollute Object.prototype by...
CVE-2026-33993 Locutus has Prototype Pollution via __proto__ Key Injection in unserialize()
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.25, the unserialize function in locutus/php/var/unserialize assigns deserialized keys to plain objects via bracket notation without filtering the proto key. When a PHP serialized...
CVE-2026-33993
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.25, the unserialize function in locutus/php/var/unserialize assigns deserialized keys to plain objects via bracket notation without filtering the proto key. When a PHP serialized...
Craft CMS Cross-Site Scripting Vulnerability (CNVD-2019-03526)
Craft CMS is a content management system CMS for developers and content managers. A cross-site scripting vulnerability exists in the /admin-panel-path/index.php?p=admin/actions/entries/save-entry URL in Craft CMS version 3.0.25. A remote attacker can exploit this vulnerability to inject arbitrary...
Samba < 3.0.25 Multiple Vulnerabilities
Binary data 3990.prm...