Total
384 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-52441 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Rajesh Thanoch Quick Learn allows Object Injection.This issue affects Quick Learn: from n/a through 1.0.1. | |||||
| CVE-2024-39018 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
| harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function "query". This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-39016 | 2024-11-21 | N/A | 8.1 HIGH | ||
| che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pollution via the function assign. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-39014 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| ahilfoley cahil/utils v2.3.2 was discovered to contain a prototype pollution via the function set. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-39013 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| 2o3t-utility v0.1.2 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-39012 | 1 Ais | 1 Strategyen | 2024-11-21 | N/A | 9.8 CRITICAL |
| ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function mergeObjects. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-39011 | 1 Chargeover | 1 Redoc | 2024-11-21 | N/A | 9.8 CRITICAL |
| Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects. | |||||
| CVE-2024-39010 | 1 Chasemoskal | 1 Snapstate | 2024-11-21 | N/A | 9.8 CRITICAL |
| chase-moskal snapstate v0.0.9 was discovered to contain a prototype pollution via the function attemptNestedProperty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-39008 | 2024-11-21 | N/A | 10.0 CRITICAL | ||
| robinweser fast-loops v1.1.3 was discovered to contain a prototype pollution via the function objectMergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-38999 | 2024-11-21 | N/A | 10.0 CRITICAL | ||
| jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-38992 | 2024-11-21 | N/A | 8.8 HIGH | ||
| airvertco frappejs v0.0.11 was discovered to contain a prototype pollution via the function registerView. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-38991 | 2024-11-21 | N/A | 8.8 HIGH | ||
| akbr patch-into v1.0.1 was discovered to contain a prototype pollution via the function patchInto. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-38987 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
| aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-38986 | 1 75lb | 1 Deep-merge | 2024-11-21 | N/A | 9.8 CRITICAL |
| Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects. | |||||
| CVE-2024-38984 | 1 Lukebond | 1 Json-override | 2024-11-21 | N/A | 9.8 CRITICAL |
| Prototype Pollution in lukebond json-override 0.2.0 allows attackers to to execute arbitrary code or cause a Denial of Service (DoS) via the __proto__ property. | |||||
| CVE-2024-38983 | 1 Alykoshin | 1 Mini-deep-assign | 2024-11-21 | N/A | 9.8 CRITICAL |
| Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the _assign() method at (/lib/index.js:91) | |||||
| CVE-2024-36583 | 2024-11-21 | N/A | 8.1 HIGH | ||
| A Prototype Pollution issue in byondreal accessor <= 1.0.0 allows an attacker to execute arbitrary code via @byondreal/accessor/index. | |||||
| CVE-2024-36582 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign (/src/index.js) | |||||
| CVE-2024-36580 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| A Prototype Pollution issue in cdr0 sg 1.0.10 allows an attacker to execute arbitrary code. | |||||
| CVE-2024-36578 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| akbr update 1.0.0 is vulnerable to Prototype Pollution via update/index.js. | |||||