Total
36 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-25952 | 1 Just-safe-set Project | 1 Just-safe-set | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in ‘just-safe-set’ versions 1.0.0 through 2.2.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-25949 | 1 Set-getter Project | 1 Set-getter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-25948 | 1 Expand-hash Project | 1 Expand-hash | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-25945 | 1 Js-extend Project | 1 Js-extend | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-23449 | 1 Vm2 Project | 1 Vm2 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine. | |||||
CVE-2021-23433 | 1 Algolia | 1 Algoliasearch-helper | 2024-11-21 | 6.8 MEDIUM | 5.9 MEDIUM |
The package algoliasearch-helper before 3.6.2 is vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.js (SearchParameters._parseNumbers) without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users to define arbitrary search patterns. | |||||
CVE-2021-23421 | 1 Merge-change Project | 1 Merge-change | 2024-11-21 | 7.5 HIGH | 5.6 MEDIUM |
All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function. | |||||
CVE-2021-23417 | 1 Deepmergefn Project | 1 Deepmergefn | 2024-11-21 | 7.5 HIGH | 5.6 MEDIUM |
All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function. | |||||
CVE-2021-23403 | 1 Ts-nodash Project | 1 Ts-nodash | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of input validation. | |||||
CVE-2021-23402 | 1 Record-like-deep-assign Project | 1 Record-like-deep-assign | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. | |||||
CVE-2020-7743 | 1 Mathjs | 1 Mathjs | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates. | |||||
CVE-2020-7617 | 1 Ini-parser Project | 1 Ini-parser | 2024-11-21 | 7.5 HIGH | 4.4 MEDIUM |
ini-parser through 0.0.2 is vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload. | |||||
CVE-2020-24914 | 1 Qcubed | 1 Qcubed | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request. | |||||
CVE-2020-24036 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code. | |||||
CVE-2020-11872 | 1 Bluetrace | 1 Opentrace | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs. | |||||
CVE-2019-9057 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection. |