Weaknesses of type CWE-1321
304 resultsCVE-2024-21529HIGHVersions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. EPSS 0.6%CVE-2026-53676HIGHThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user whoEPSS 0.6%CVE-2023-2582MEDIUMA prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applicatioEPSS 0.6%CVE-2024-45277MEDIUMPrototype Pollution vulnerability in SAP HANA ClientEPSS 0.6%CVE-2023-6293HIGHPrototype Pollution in robinbuschmann/sequelize-typescriptEPSS 0.6%CVE-2026-33993MEDIUMLocutus has Prototype Pollution via __proto__ Key Injection in unserialize()EPSS 0.6%CVE-2024-36583HIGHA Prototype Pollution issue in byondreal accessor <= 1.0.0 allows an attacker to execute arbitrary code via @byondreal/accessor/index.EPSS 0.6%CVE-2025-5150MEDIUMdocarray Web API torch_dataset.py __getitem__ prototype pollutionEPSS 0.6%CVE-2024-39016HIGHche3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pollution via the function assign. This vulnerability allows attackers toEPSS 0.6%CVE-2024-21528MEDIUMAll versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improEPSS 0.6%CVE-2026-44005CRITICALvm2: Sandbox escapeEPSS 0.6%CVE-2026-33994MEDIUMLocutus Prototype Pollution due to incomplete fix for CVE-2026-25521EPSS 0.6%CVE-2024-36582CRITICALalexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign (/src/index.js)EPSS 0.6%CVE-2025-48054MEDIUMRadashi Vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')EPSS 0.6%CVE-2025-27597HIGHVue I18n Prototype Pollution in `handleFlatJson`EPSS 0.6%CVE-2026-25881CRITICAL@nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)EPSS 0.6%CVE-2024-52441CRITICALWordPress Quick Learn plugin <= 1.0.1 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2025-3982MEDIUMnortikin Sverchok Set Property Mk2 Node getsetprop_mk2.py SvSetPropNodeMK2 prototype pollutionEPSS 0.5%CVE-2024-38994HIGHamoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to eEPSS 0.5%CVE-2024-39853MEDIUMadolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers tEPSS 0.5%