Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7717 | 1 Dot-notes Project | 1 Dot-notes | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package dot-notes are vulnerable to Prototype Pollution via the create function. | |||||
| CVE-2020-7716 | 1 Invertase | 1 Deeps | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package deeps are vulnerable to Prototype Pollution via the set function. | |||||
| CVE-2020-7715 | 1 Deep-get-set Project | 1 Deep-get-set | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function. | |||||
| CVE-2020-7714 | 1 Realseriousgames | 1 Confucious | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package confucious are vulnerable to Prototype Pollution via the set function. | |||||
| CVE-2020-7713 | 1 Arr-flatten-unflatten Project | 1 Arr-flatten-unflatten | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor. | |||||
| CVE-2020-7708 | 1 Irrelon | 2 \@irrelon\/path, Irrelon-path | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions. | |||||
| CVE-2020-7707 | 1 Property-expr Project | 1 Property-expr | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function. | |||||
| CVE-2020-35501 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2022-12-02 | 3.6 LOW | 3.4 LOW |
| A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem | |||||
| CVE-2020-7719 | 1 Locutus | 1 Locutus | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| Versions of package locutus before 2.0.12 are vulnerable to prototype Pollution via the php.strings.parse_str function. | |||||
| CVE-2020-7718 | 1 Gammautils Project | 1 Gammautils | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions. | |||||
| CVE-2020-7721 | 1 Node-oojs Project | 1 Node-oojs | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function. | |||||
| CVE-2020-7720 | 1 Digitalbazaar | 1 Forge | 2022-12-02 | 7.5 HIGH | 7.3 HIGH |
| The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions. | |||||
| CVE-2020-7722 | 1 Nodee-utils Project | 1 Nodee-utils | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function. | |||||
| CVE-2020-7724 | 1 Tiny-conf Project | 1 Tiny-conf | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function. | |||||
| CVE-2020-7723 | 1 Yola | 1 Promisehelpers | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function. | |||||
| CVE-2020-7725 | 1 Guidesmiths | 1 Worksmith | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function. | |||||
| CVE-2022-3865 | 1 Wp User Merger Project | 1 Wp User Merger | 2022-12-02 | N/A | 8.8 HIGH |
| The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin | |||||
| CVE-2022-3849 | 1 Wp User Merger Project | 1 Wp User Merger | 2022-12-02 | N/A | 8.8 HIGH |
| The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin | |||||
| CVE-2022-3848 | 1 Wp User Merger Project | 1 Wp User Merger | 2022-12-02 | N/A | 8.8 HIGH |
| The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin | |||||
| CVE-2020-7727 | 1 Gedi Project | 1 Gedi | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package gedi are vulnerable to Prototype Pollution via the set function. | |||||