Search Vulnerabilities

Prototype Pollution in parse-nested-form-data via `__proto__` in FormData field names

Jun 1, 2026

CVE-2026-46510

Prototype pollution in form-data-objectizer via bracket-notation form keys

May 29, 2026

CVE-2026-46509

deepobj: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

May 28, 2026

CVE-2026-44483

RVF: Prototype pollution in @rvf/set-get reachable via @rvf/core preprocessFormData (HTTP form data)

May 27, 2026

CVE-2026-44966

Velocity.js: Prototype Pollution in #set path assignment

May 26, 2026

CVE-2026-9101

Prototype pollution in csv parsing

May 20, 2026

CVE-2026-8657

Versions of the package jsondiffpatch before 0

May 16, 2026

CVE-2026-44005

vm2: Sandbox escape

CVE-2026-44292

protobufjs: Prototype injection in generated message constructors

CVE-2026-44290

protobufjs: Process-wide denial of service through unsafe option paths

CVE-2026-8161

multiparty vulnerable to Denial of Service via Prototype Pollution leading to Uncaught Exception

May 12, 2026

CVE-2026-41690

Prototype pollution and path traversal in i18next-http-middleware via user-controlled language and namespace parameters

CVE-2026-42264

Axios: Prototype pollution read-side gadgets in HTTP adapter allow credential injection and request hijacking

CVE-2026-42232

n8n: XML Node Prototype Pollution to RCE

CVE-2026-42231

n8n: Prototype Pollution in XML Webhook Body Parser Leads to RCE

CVE-2026-42077

Evolver: Prototype Pollution via `Object.assign()` in mailbox store operations

CVE-2026-42041

Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

CVE-2026-42044

Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`

CVE-2026-42035

Axios: Header Injection via Prototype Pollution

CVE-2026-42033

Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

CVE-2026-45302

Prototype Pollution in parse-nested-form-data via `__proto__` in FormData field names

Jun 1, 2026

CVE-2026-46510

Prototype pollution in form-data-objectizer via bracket-notation form keys

May 29, 2026

CVE-2026-46509

deepobj: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

May 28, 2026

CVE-2026-44483

RVF: Prototype pollution in @rvf/set-get reachable via @rvf/core preprocessFormData (HTTP form data)

May 27, 2026

CVE-2026-44966

Velocity.js: Prototype Pollution in #set path assignment

May 26, 2026

CVE-2026-9101

Prototype pollution in csv parsing

May 20, 2026

CVE-2026-8657

Versions of the package jsondiffpatch before 0

May 16, 2026

CVE-2026-44005

vm2: Sandbox escape

CVE-2026-44292

protobufjs: Prototype injection in generated message constructors

CVE-2026-44290

protobufjs: Process-wide denial of service through unsafe option paths

CVE-2026-8161

multiparty vulnerable to Denial of Service via Prototype Pollution leading to Uncaught Exception

May 12, 2026

CVE-2026-41690

Prototype pollution and path traversal in i18next-http-middleware via user-controlled language and namespace parameters

CVE-2026-42264

Axios: Prototype pollution read-side gadgets in HTTP adapter allow credential injection and request hijacking

CVE-2026-42232

n8n: XML Node Prototype Pollution to RCE

CVE-2026-42231

n8n: Prototype Pollution in XML Webhook Body Parser Leads to RCE

CVE-2026-42077

Evolver: Prototype Pollution via `Object.assign()` in mailbox store operations

CVE-2026-42041

Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

CVE-2026-42044

Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`

CVE-2026-42035

Axios: Header Injection via Prototype Pollution

CVE-2026-42033

Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking