Total
370 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19274 | 2 Debian, Phpbb | 2 Debian Linux, Phpbb | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions. | |||||
| CVE-2018-11135 | 1 Quest | 1 Kace System Management Appliance | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
| The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks. | |||||
| CVE-2024-45277 | 1 Sap | 1 Hana-client | 2024-11-14 | N/A | 4.3 MEDIUM |
| The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity. | |||||
| CVE-2024-48910 | 2024-11-01 | N/A | 9.1 CRITICAL | ||
| DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2. | |||||
| CVE-2024-21489 | 2024-10-04 | N/A | 8.2 HIGH | ||
| Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype. | |||||
| CVE-2024-21529 | 2024-09-11 | N/A | 8.2 HIGH | ||
| Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program. | |||||
| CVE-2024-21528 | 2024-09-10 | N/A | 5.9 MEDIUM | ||
| All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization. | |||||
| CVE-2024-45435 | 1 Chartist | 1 Chartist | 2024-09-03 | N/A | 9.8 CRITICAL |
| Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. | |||||
| CVE-2024-37287 | 1 Elastic | 1 Kibana | 2024-08-22 | N/A | 7.2 HIGH |
| A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution. | |||||
| CVE-2024-38989 | 2024-08-13 | N/A | 9.8 CRITICAL | ||
| izatop bunt v0.29.19 was discovered to contain a prototype pollution via the component /esm/qs.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||