Total
383 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-4307 | 1 Baobab Project | 1 Baobab | 2024-11-25 | 6.3 Medium |
| A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The patch is named c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627. | ||||
| CVE-2024-52441 | 1 Rajesh Thanoch | 1 Quick Learn | 2024-11-21 | 9.8 Critical |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Rajesh Thanoch Quick Learn allows Object Injection.This issue affects Quick Learn: from n/a through 1.0.1. | ||||
| CVE-2024-39853 | 2024-11-21 | 6.5 Medium | ||
| adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-39018 | 1 Harvey-woo | 1 Key-serializer | 2024-11-21 | 6.3 Medium |
| harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function "query". This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-39016 | 1 Che3vinci | 1 Utils | 2024-11-21 | 8.1 High |
| che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pollution via the function assign. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-39014 | 2024-11-21 | 9.8 Critical | ||
| ahilfoley cahil/utils v2.3.2 was discovered to contain a prototype pollution via the function set. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-39013 | 2024-11-21 | 9.8 Critical | ||
| 2o3t-utility v0.1.2 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-39012 | 2 Ais, Aisltd | 2 Strategyen, Strategyen | 2024-11-21 | 9.8 Critical |
| ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function mergeObjects. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-39011 | 2 Chargeover, Redocly | 2 Redoc, Redoc | 2024-11-21 | 9.8 Critical |
| Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects. | ||||
| CVE-2024-39010 | 1 Chasemoskal | 1 Snapstate | 2024-11-21 | 9.8 Critical |
| chase-moskal snapstate v0.0.9 was discovered to contain a prototype pollution via the function attemptNestedProperty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-39008 | 2 Redhat, Robinweser | 2 Rhdh, Fast-loops | 2024-11-21 | 10 Critical |
| robinweser fast-loops v1.1.3 was discovered to contain a prototype pollution via the function objectMergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-38999 | 1 Jrburke | 1 Requirejs | 2024-11-21 | 10 Critical |
| jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-38992 | 1 Airvert Thuan | 1 Frappejs | 2024-11-21 | 8.8 High |
| airvertco frappejs v0.0.11 was discovered to contain a prototype pollution via the function registerView. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-38991 | 1 Akbr | 1 Patch-into | 2024-11-21 | 8.8 High |
| akbr patch-into v1.0.1 was discovered to contain a prototype pollution via the function patchInto. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-38987 | 1 Ageoflearning | 1 Cli-lib | 2024-11-21 | 6.3 Medium |
| aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-38986 | 1 75lb | 1 Deep-merge | 2024-11-21 | 9.8 Critical |
| Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects. | ||||
| CVE-2024-38984 | 1 Lukebond | 1 Json-override | 2024-11-21 | 9.8 Critical |
| Prototype Pollution in lukebond json-override 0.2.0 allows attackers to to execute arbitrary code or cause a Denial of Service (DoS) via the __proto__ property. | ||||
| CVE-2024-38983 | 1 Alykoshin | 1 Mini-deep-assign | 2024-11-21 | 9.8 Critical |
| Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the _assign() method at (/lib/index.js:91) | ||||
| CVE-2024-36583 | 1 Byondreal | 1 Accessor | 2024-11-21 | 8.1 High |
| A Prototype Pollution issue in byondreal accessor <= 1.0.0 allows an attacker to execute arbitrary code via @byondreal/accessor/index. | ||||
| CVE-2024-36582 | 2024-11-21 | 9.8 Critical | ||
| alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign (/src/index.js) | ||||