Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-1321 Clear
ID Title
CVE-2026-54756 Vulnerability in CVE-2026-54756 (CVE-2026-54756)
vulnerability in CVE-2026-54756 (CVE-2026-54756). Risk of unauthorized operations or information disclosure.
CVE-2026-57926 Vulnerability in jetbrains (CVE-2026-57926)
vulnerability in jetbrains (CVE-2026-57926). Risk of unauthorized operations or information disclosure.
CVE-2026-54639 Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `c...
Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `convertTokenData(tokens, { output: 'object' });`; indirect usage, via using Expand API; and/or indire...
CVE-2026-49252 Vulnerability in @deepstream/server (CVE-2026-49252)
vulnerability in @deepstream/server (CVE-2026-49252). Confidential information can be exposed externally. Exploitable via ``__proto__``. Mitigation: upgrade to `10.0.5` or later.
CVE-2026-55388 Code Injection in piscina (CVE-2026-55388)
code injection in piscina (CVE-2026-55388). Successful exploitation can lead to full system takeover. Exploitable via `POST /upload`. Mitigation: upgrade to `6.0.0-rc.2` or later.
CVE-2026-55886 Vulnerability in jodit (CVE-2026-55886)
vulnerability in jodit (CVE-2026-55886). Risk of unauthorized operations or information disclosure. Exploitable via ``chain``. Mitigation: upgrade to `4.12.26` or later.
CVE-2026-53676 Vulnerability in CVE-2026-53676 (CVE-2026-53676)
vulnerability in CVE-2026-53676 (CVE-2026-53676). Successful exploitation can lead to full system takeover.
CVE-2026-54312 Vulnerability in n8n (CVE-2026-54312)
vulnerability in n8n (CVE-2026-54312). Risk of unauthorized operations or information disclosure. Exploitable via ``Object.prototype``. Mitigation: upgrade to `2.24.0` or later.
CVE-2026-54306 Vulnerability in n8n (CVE-2026-54306)
vulnerability in n8n (CVE-2026-54306). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-48714 Vulnerability in i18next-http-middleware (CVE-2026-48714)
vulnerability in i18next-http-middleware (CVE-2026-48714). Data can be tampered with by attackers. Exploitable via ``missingKeyHandler``. Mitigation: upgrade to `3.9.7` or later.
CVE-2026-48713 Vulnerability in i18next-fs-backend (CVE-2026-48713)
vulnerability in i18next-fs-backend (CVE-2026-48713). Data can be tampered with by attackers. Exploitable via ``missingKeyHandler``. Mitigation: upgrade to `2.6.4` or later.
CVE-2026-12209 Code Injection in CVE-2026-12209 (CVE-2026-12209)
code injection in CVE-2026-12209 (CVE-2026-12209). Risk of unauthorized operations or information disclosure.
CVE-2026-12208 Code Injection in CVE-2026-12208 (CVE-2026-12208)
code injection in CVE-2026-12208 (CVE-2026-12208). Risk of unauthorized operations or information disclosure.
CVE-2026-53609 Vulnerability in CVE-2026-53609 (CVE-2026-53609)
vulnerability in CVE-2026-53609 (CVE-2026-53609). Confidential information can be exposed externally. Exploitable via ``__proto__``.
CVE-2026-44495 Code Injection in axios (CVE-2026-44495)
code injection in axios (CVE-2026-44495). Confidential information can be exposed externally. Exploitable via ``Object.prototype.transformResponse``. Mitigation: upgrade to `1.15.0` or later.
CVE-2026-44494 Vulnerability in axios (CVE-2026-44494)
vulnerability in axios (CVE-2026-44494). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `1.15.0` or later.
CVE-2026-44490 Vulnerability in axios (CVE-2026-44490)
vulnerability in axios (CVE-2026-44490). Risk of unauthorized operations or information disclosure. Exploitable via ``Object.prototype``. Mitigation: upgrade to `0.32.0` or later.
CVE-2026-44489 Vulnerability in axios (CVE-2026-44489)
vulnerability in axios (CVE-2026-44489). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.16.0` or later.
CVE-2026-46625 Vulnerability in js-cookie (CVE-2026-46625)
vulnerability in js-cookie (CVE-2026-46625). Data can be tampered with by attackers. Exploitable via ``for...in``. Mitigation: upgrade to `3.0.7` or later.
CVE-2026-9101 Vulnerability in CVE-2026-9101 (CVE-2026-9101)
vulnerability in CVE-2026-9101 (CVE-2026-9101). Risk of unauthorized operations or information disclosure.
CVE-2026-45302 Vulnerability in parse-nested-form-data (CVE-2026-45302)
vulnerability in parse-nested-form-data (CVE-2026-45302). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.1` or later.
CVE-2026-46510 Vulnerability in form-data-objectizer (CVE-2026-46510)
vulnerability in form-data-objectizer (CVE-2026-46510). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.1` or later.
CVE-2026-8657 Vulnerability in CVE-2026-8657 (CVE-2026-8657)
vulnerability in CVE-2026-8657 (CVE-2026-8657). Data can be tampered with by attackers.
CVE-2026-46509 Vulnerability in @ranfdev/deepobj (CVE-2026-46509)
vulnerability in @ranfdev/deepobj (CVE-2026-46509). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.3` or later.
CVE-2026-44791 Vulnerability in n8n (CVE-2026-44791)
vulnerability in n8n (CVE-2026-44791). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
CVE-2026-44789 Vulnerability in n8n (CVE-2026-44789)
vulnerability in n8n (CVE-2026-44789). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
CVE-2026-44005 Code Injection in vm2 (CVE-2026-44005)
code injection in vm2 (CVE-2026-44005). Data can be tampered with by attackers. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-44292 Vulnerability in protobufjs (CVE-2026-44292)
vulnerability in protobufjs (CVE-2026-44292). Risk of unauthorized operations or information disclosure. Exploitable via ``__proto__``. Mitigation: upgrade to `8.0.2` or later.
CVE-2026-44290 Vulnerability in protobufjs (CVE-2026-44290)
vulnerability in protobufjs (CVE-2026-44290). Risk of unauthorized operations or information disclosure. Exploitable via ``parse``. Mitigation: upgrade to `8.0.2` or later.
CVE-2026-8161 Vulnerability in multiparty (CVE-2026-8161)
vulnerability in multiparty (CVE-2026-8161). Risk of unauthorized operations or information disclosure. Exploitable via ``Object.prototype``. Mitigation: upgrade to `4.3.0` or later.
CVE-2026-44483 Vulnerability in @rvf/set-get (CVE-2026-44483)
vulnerability in @rvf/set-get (CVE-2026-44483). Data can be tampered with by attackers. Exploitable via ``setPath``. Mitigation: upgrade to `6.0.4` or later.
CVE-2026-44966 Vulnerability in velocityjs (CVE-2026-44966)
vulnerability in velocityjs (CVE-2026-44966). Risk of unauthorized operations or information disclosure.
CVE-2026-41690 Vulnerability in i18next-http-middleware (CVE-2026-41690)
vulnerability in i18next-http-middleware (CVE-2026-41690). Data can be tampered with by attackers. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
CVE-2026-42264 Vulnerability in axios (CVE-2026-42264)
vulnerability in axios (CVE-2026-42264). Confidential information can be exposed externally. Exploitable via ``hasOwnProperty``. Mitigation: upgrade to `1.15.2` or later.
CVE-2025-63704 Vulnerability in prototype-pollution (CVE-2025-63704)
vulnerability in prototype-pollution (CVE-2025-63704). Successful exploitation can lead to full system takeover.
CVE-2025-63703 Vulnerability in npm (CVE-2025-63703)
vulnerability in npm (CVE-2025-63703). Successful exploitation can lead to full system takeover.
CVE-2026-42044 Vulnerability in privilege-escalation (CVE-2026-42044)
vulnerability in privilege-escalation (CVE-2026-42044). Data can be tampered with by attackers. Mitigation: upgrade to `1.15.2` or later.
CVE-2026-42041 Authentication Bypass in axios (CVE-2026-42041)
authentication bypass in axios (CVE-2026-42041). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.15.1` or later.
CVE-2026-42033 Vulnerability in axios (CVE-2026-42033)
vulnerability in axios (CVE-2026-42033). Confidential information can be exposed externally. Mitigation: upgrade to `1.15.1` or later.
CVE-2026-34621 KEV [KEV] Vulnerability in Adobe acrobat-and-reader (CVE-2026-34621)
vulnerability in Adobe acrobat-and-reader (CVE-2026-34621). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-40190 Vulnerability in langchain (CVE-2026-40190)
vulnerability in langchain (CVE-2026-40190). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.5.18` or later.
CVE-2026-33228 Vulnerability in webreflection (CVE-2026-33228)
vulnerability in webreflection (CVE-2026-33228). Successful exploitation can lead to full system takeover.
CVE-2026-29063 Vulnerability in immutable-js (CVE-2026-29063)
vulnerability in immutable-js (CVE-2026-29063). Successful exploitation can lead to full system takeover.
CVE-2026-25639 Vulnerability in axios (CVE-2026-25639)
vulnerability in axios (CVE-2026-25639). Risk of unauthorized operations or information disclosure. Exploitable via ``mergeConfig``. Mitigation: upgrade to `0.30.3` or later.
CVE-2026-25521 Vulnerability in locutus (CVE-2026-25521)
vulnerability in locutus (CVE-2026-25521). Successful exploitation can lead to full system takeover.
CVE-2025-61140 The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
CVE-2025-13465 Vulnerability in lodash (CVE-2025-13465)
vulnerability in lodash (CVE-2025-13465). Risk of unauthorized operations or information disclosure. Exploitable via ``_.unset``. Mitigation: upgrade to `4.17.23` or later.
CVE-2024-39011 Vulnerability in dos (CVE-2024-39011)
vulnerability in dos (CVE-2024-39011). Successful exploitation can lead to full system takeover.
CVE-2023-38894 Vulnerability in tree-kit-project (CVE-2023-38894)
vulnerability in tree-kit-project (CVE-2023-38894). Successful exploitation can lead to full system takeover.
CVE-2022-37257 Vulnerability in stealjs (CVE-2022-37257)
vulnerability in stealjs (CVE-2022-37257). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →