2 matches found
CVE-2026-34221
CVE-2026-34221 affects MikroORM (TypeScript ORM for Node.js). The vulnerability is in the internal Utils.merge helper, which can be triggered during object structure merges and allows prototype pollution by passing keys like proto , constructor , or prototype . Affected versions are prior to 6.6....
CVE-2026-34220
CVE-2026-34220 affects mikro-orm (TypeScript ORM for Node.js). A SQL injection vulnerability exists in versions prior to 6.6.10 and 7.0.6, triggered when specially crafted objects are interpreted as raw SQL query fragments during ORM write APIs (e.g., wrap(entity).assign(userInput) followed by em...