Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-1321 — Vulnerability Class 138

138 vulnerabilities classified as CWE-1321. AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-25754 AdonisJS multipart body parsing has Prototype Pollution issue — core 7.2 High2026-02-06
CVE-2026-25521 Locutus is vulnerable to Prototype Pollution — locutus 9.8 -2026-02-04
CVE-2026-25150 Prototype Pollution via FormData Processing in Qwik City — qwik 9.3 Critical2026-02-03
CVE-2026-25047 deepHas vulnerable to Prototype Pollution via constructor.prototype — deepHas 5.3AIMediumAI2026-01-29
CVE-2026-24888 Maker.js Vulnerable to Unsafe Property Copying in makerjs.extendObject — maker.js 6.5 Medium2026-01-28
CVE-2026-24766 NocoDB Vulnerable to Prototype Pollution in Connection Test Endpoint, Leading to DoS — nocodb 4.9 Medium2026-01-28
CVE-2026-23736 seroval Affected by Prototype Pollution via JSON Deserialization — seroval 7.3 High2026-01-21
CVE-2025-13465 Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions — Lodash 9.1AICriticalAI2026-01-21
CVE-2024-14020 carboneio carbone Formatter input.js prototype pollution — carbone 5.0 Medium2026-01-07
CVE-2025-13158 apidoc-core - prototype pollution in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker — apidoc-core 9.8 -2025-12-26
CVE-2025-68130 tRPC has possible prototype pollution in `experimental_nextAppDirCaller` — trpc 9.8AICriticalAI2025-12-16
CVE-2025-8083 Vuetify Prototype Pollution via Preset options — Vuetify 8.6 High2025-12-12
CVE-2025-66456 Elysia vulnerable to prototype pollution with multiple standalone schema validation — elysia 9.8AICriticalAI2025-12-09
CVE-2025-64718 js-yaml has prototype pollution in merge (<<) — js-yaml 5.3 Medium2025-11-13
CVE-2025-62517 Rollbar.js Prototype Pollution Vulnerability in merge() — rollbar.js 5.9 Medium2025-10-23
CVE-2025-62410 --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom — happy-dom 10.0 -2025-10-15
CVE-2025-62381 sveltekit-superforms Prototype Pollution in `parseFormData` function of `formData.js` — sveltekit-superforms 9.8AICriticalAI2025-10-15
CVE-2025-62374 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs — Parse-SDK-JS 6.4 Medium2025-10-14
CVE-2025-3193 algoliasearch-helper 安全漏洞 — algoliasearch-helper 7.5 High2025-09-27
CVE-2025-58280 Huawei HarmonyOS 安全漏洞 — HarmonyOS 8.4 High2025-09-05
CVE-2025-57820 Svelte devalue vulnerable to prototype pollution — devalue 9.1AICriticalAI2025-08-26
CVE-2025-55195 @std/toml Prototype Pollution in Node.js and Browser — std 7.3 High2025-08-14
CVE-2025-55164 content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE — content-security-policy-parser 9.8AICriticalAI2025-08-12
CVE-2025-54803 js-toml is vulnerable to Prototype Pollution — js-toml 9.8AICriticalAI2025-08-05
CVE-2025-34146 nyariv sandboxjs 0.8.23 Prototype Pollution Sandbox Escape DoS — sandboxjs 9.8AICriticalAI2025-07-31
CVE-2025-8101 Linkify 4.3.1 - Prototype Pollution & HTML Attribute Injection (XSS) — Linkify 6.1 -2025-07-25
CVE-2025-49223 billboard.js 安全漏洞 — billboard.js 9.8AICriticalAI2025-06-04
CVE-2025-48054 Radashi Vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') — radashi 9.8AICriticalAI2025-05-27
CVE-2025-5150 docarray Web API torch_dataset.py __getitem__ prototype pollution — docarray 6.3 Medium2025-05-25
CVE-2025-25014 Kibana arbitrary code execution via prototype pollution — Kibana 9.1 Critical2025-05-06

Vulnerabilities classified as CWE-1321 represent 138 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.