Total
313 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22443 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2024-07-26 | N/A | 8.8 HIGH |
| A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | |||||
| CVE-2024-39018 | 2024-07-11 | N/A | 6.3 MEDIUM | ||
| harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function "query". This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-39001 | 2024-07-11 | N/A | 6.3 MEDIUM | ||
| ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-38987 | 2024-07-11 | N/A | 6.3 MEDIUM | ||
| aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-39008 | 2024-07-09 | N/A | 10.0 CRITICAL | ||
| robinweser fast-loops v1.1.3 was discovered to contain a prototype pollution via the function objectMergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-38999 | 2024-07-09 | N/A | 10.0 CRITICAL | ||
| jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-39853 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
| adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-39016 | 2024-07-03 | N/A | 8.1 HIGH | ||
| che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pollution via the function assign. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-39003 | 2024-07-03 | N/A | 7.3 HIGH | ||
| amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function setValue. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-39000 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
| adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-38998 | 2024-07-03 | N/A | 8.4 HIGH | ||
| jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function config. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-38997 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
| adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-38996 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-38994 | 2024-07-03 | N/A | 7.3 HIGH | ||
| amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-38992 | 2024-07-03 | N/A | 8.8 HIGH | ||
| airvertco frappejs v0.0.11 was discovered to contain a prototype pollution via the function registerView. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-38991 | 2024-07-03 | N/A | 8.8 HIGH | ||
| akbr patch-into v1.0.1 was discovered to contain a prototype pollution via the function patchInto. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-36583 | 2024-07-03 | N/A | 8.1 HIGH | ||
| A Prototype Pollution issue in byondreal accessor <= 1.0.0 allows an attacker to execute arbitrary code via @byondreal/accessor/index. | |||||
| CVE-2024-36578 | 2024-07-03 | N/A | 5.9 MEDIUM | ||
| akbr update 1.0.0 is vulnerable to Prototype Pollution via update/index.js. | |||||
| CVE-2024-36577 | 2024-07-03 | N/A | 8.3 HIGH | ||
| apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty. | |||||
| CVE-2024-36574 | 2024-07-03 | N/A | 6.3 MEDIUM | ||
| A Prototype Pollution issue in flatten-json 1.0.1 allows an attacker to execute arbitrary code via module.exports.unflattenJSON (flatten-json/index.js:42) | |||||