CWE-1321 — Vulnerability Class (138 CVEs)

138 vulnerabilities classified as CWE-1321. AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-42033 | Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking — axios | 7.4 | High | 2026-04-24 |
| CVE-2026-6621 | 1024bit extend-deep index.js prototype pollution — extend-deep | 7.3 | High | 2026-04-20 |
| CVE-2026-6594 | brikcss merge prototype pollution — merge | 7.3 | High | 2026-04-20 |
| CVE-2026-34622 | Acrobat Reader \| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321) — Acrobat Reader | 8.6 | High | 2026-04-14 |
| CVE-2026-34626 | Acrobat Reader \| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321) — Acrobat Reader | 6.3 | Medium | 2026-04-14 |
| CVE-2026-34621 | Acrobat Reader \| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321) — Acrobat Reader | 8.6 | High | 2026-04-11 |
| CVE-2026-40190 | LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()` — langsmith-sdk | 5.6 | Medium | 2026-04-10 |
| CVE-2026-35209 | defu: Prototype pollution via `__proto__` key in defaults argument — defu | 7.5 | High | 2026-04-06 |
| CVE-2026-2950 | lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit` — lodash | 6.5 | Medium | 2026-03-31 |
| CVE-2026-34221 | MikroORM has Prototype Pollution in Utils.merge — mikro-orm | 8.2 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-33994 | Locutus Prototype Pollution due to incomplete fix for CVE-2026-25521 — locutus | 9.8 | - | 2026-03-27 |
| CVE-2026-33993 | Locutus has Prototype Pollution via __proto__ Key Injection in unserialize() — locutus | 9.8 | - | 2026-03-27 |
| CVE-2026-33672 | Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching — picomatch | 5.3 | Medium | 2026-03-26 |
| CVE-2026-33696 | n8n Vulnerable to Prototype Pollution in XML & GSuiteAdmin node parameters lead to RCE — n8n | 8.8 | - | 2026-03-25 |
| CVE-2026-33228 | flatted: Prototype Pollution via parse() — flatted | 9.1 | - | 2026-03-20 |
| CVE-2026-32886 | Parse Server's Cloud function dispatch crashes server via prototype chain traversal — parse-server | 7.5 | - | 2026-03-18 |
| CVE-2026-32878 | Parse Server vulnerable to schema poisoning via prototype pollution in deep copy — parse-server | 8.2 | - | 2026-03-18 |
| CVE-2026-31865 | Elysia Cookie Value Prototype Pollution — elysia | 6.5 | Medium | 2026-03-18 |
| CVE-2026-27524 | OpenClaw < 2026.2.21 - Prototype Pollution via Debug Override Path — OpenClaw | 4.3 | Medium | 2026-03-18 |
| CVE-2026-4239 | Lagom WHMCS Template Datatables prototype pollution — WHMCS Template | 3.5 | Low | 2026-03-16 |
| CVE-2026-32621 | Apollo Federation has prototype pollution via incomplete key sanitization — federation-internals | 9.9 | Critical | 2026-03-13 |
| CVE-2026-30226 | devalue has prototype pollution in devalue.parse and devalue.unflatten — devalue | 9.1 (AI) | Critical (AI) | 2026-03-11 |
| CVE-2026-30939 | Parse Server has Denial of Service (DoS) and Cloud Function Dispatch Bypass via Prototype Chain Resolution — parse-server | 7.5 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-29063 | Immutable.js: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable — immutable-js | 9.8 | - | 2026-03-06 |
| CVE-2026-28794 | oRPC: Prototype Pollution in `@orpc/client` via `StandardRPCJsonSerializer` Deserialization — orpc | 9.8 | - | 2026-03-06 |
| CVE-2026-27837 | Dottie vulnerable to prototype pollution bypass via non-first path segments in set() and transform() — dottie.js | 6.3 | Medium | 2026-02-26 |
| CVE-2026-2964 | higuma web-audio-recorder-js Dynamic Config Handling WebAudioRecorder.js extend prototype pollution — web-audio-recorder-js | 5.0 | Medium | 2026-02-23 |
| CVE-2026-27212 | Swiper has a Prototype Pollution Vulnerability — swiper | 9.8 (AI) | Critical (AI) | 2026-02-21 |
| CVE-2026-26021 | Prototype pollution in set-in — set-in | 9.8 (AI) | Critical (AI) | 2026-02-11 |
| CVE-2026-25881 | @nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape) — SandboxJS | 9.1 | Critical | 2026-02-09 |

138 CVEs are classified as CWE-1321. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.