Total
374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38983 | 1 Alykoshin | 1 Mini-deep-assign | 2024-11-21 | N/A | 9.8 CRITICAL |
| Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the _assign() method at (/lib/index.js:91) | |||||
| CVE-2024-36583 | 2024-11-21 | N/A | 8.1 HIGH | ||
| A Prototype Pollution issue in byondreal accessor <= 1.0.0 allows an attacker to execute arbitrary code via @byondreal/accessor/index. | |||||
| CVE-2024-36582 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign (/src/index.js) | |||||
| CVE-2024-36580 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| A Prototype Pollution issue in cdr0 sg 1.0.10 allows an attacker to execute arbitrary code. | |||||
| CVE-2024-36578 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| akbr update 1.0.0 is vulnerable to Prototype Pollution via update/index.js. | |||||
| CVE-2024-36577 | 2024-11-21 | N/A | 8.3 HIGH | ||
| apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty. | |||||
| CVE-2024-36574 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
| A Prototype Pollution issue in flatten-json 1.0.1 allows an attacker to execute arbitrary code via module.exports.unflattenJSON (flatten-json/index.js:42) | |||||
| CVE-2024-36573 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set (obx/build/index.js:269) component. | |||||
| CVE-2024-36572 | 1 Allpro | 1 Formmanager Data Handler | 2024-11-21 | N/A | 9.8 CRITICAL |
| Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause other impacts via the functions setDefaults, mergeBranch, and Object.setObjectValue. | |||||
| CVE-2024-34273 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method. | |||||
| CVE-2024-33519 | 2024-11-21 | N/A | 7.2 HIGH | ||
| A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | |||||
| CVE-2024-32866 | 2024-11-21 | N/A | 8.6 HIGH | ||
| Conform, a type-safe form validation library, allows the parsing of nested objects in the form of `object.property`. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to `parseWith...` functions. Applications that use conform for server-side validation of form data or URL parameters are affected by this vulnerability. Version 1.1.1 contains a patch for the issue. | |||||
| CVE-2024-30564 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method. | |||||
| CVE-2024-29651 | 2024-11-21 | N/A | 8.1 HIGH | ||
| A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle()`, `parse()`, `resolve()`, `dereference() functions. | |||||
| CVE-2024-29650 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via the mutIn and mutInManyUnsafe components. | |||||
| CVE-2024-24293 | 2024-11-21 | N/A | 8.8 HIGH | ||
| A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js. | |||||
| CVE-2024-23339 | 1 Elijahharry | 1 Hoolock | 2024-11-21 | N/A | 6.3 MEDIUM |
| hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths (`get`, `set`, and `update`) did not block attempts to access or alter object prototypes. Starting in version 2.2.1, the `get`, `set` and `update` functions throw a `TypeError` when a user attempts to access or alter inherited properties. | |||||
| CVE-2024-22443 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2024-11-21 | N/A | 7.2 HIGH |
| A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | |||||
| CVE-2024-21512 | 2024-11-21 | N/A | 8.2 HIGH | ||
| Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables. | |||||
| CVE-2023-6293 | 1 Sequelizejs | 1 Sequelize-typescript | 2024-11-21 | N/A | 7.1 HIGH |
| Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6. | |||||