Search

Blog Stats Labs CLI MCP API Limits About Privacy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Blog Statistics Labs CLI Tool MCP Server API Documentation Rate Limits About Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1321

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Parent: CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

444 vulnerabilities with CWE-1321

Immutable.js <3.8.3/4.3.7/5.1.5 - Prototype Pollution

@orpc/client <1.13.6 - Deserialization

RustDesk Client - Info Disclosure

CVE-2026-27837 MEDIUM

Dottie 2.0.4-2.0.6 - Prototype Pollution

CVE-2026-2964 MEDIUM

higuma web-audio-recorder-js 0.1/0.1.1 - Prototype Pollution

CVE-2026-27212 HIGH

Swiper 6.5.1-12.1.1 - Prototype Pollution

CVE-2025-70956 HIGH

TON TVM <2025.04 - Info Disclosure

CVE-2026-26021 CRITICAL

Set-in < 2.0.5 - Prototype Pollution

CVE-2026-25881 CRITICAL

Nyariv Sandboxjs < 0.8.31 - Prototype Pollution

CVE-2026-25754 HIGH

Adonisjs Bodyparser < 10.1.3 - Prototype Pollution

CVE-2026-25521 HIGH

NPM Locutus < 2.0.39 - Prototype Pollution

CVE-2026-25150 CRITICAL

Qwik < 1.19.0 - Prototype Pollution

CVE-2026-25142 CRITICAL

Nyariv Sandboxjs < 0.8.27 - Code Injection

CVE-2026-25047 HIGH

NPM Deephas < 1.0.8 - Prototype Pollution

CVE-2026-24888 MEDIUM

Microsoft Maker.js < 0.19.1 - Prototype Pollution

CVE-2026-24766 MEDIUM

Nocodb < 0.301.0 - Prototype Pollution

CVE-2025-61140 CRITICAL

jsonpath 1.1.1 - Info Disclosure

CVE-2026-23736 HIGH

seroval <1.4.1 - Prototype Pollution

CVE-2025-13465 MEDIUM

NPM Lodash < 4.17.23 - Prototype Pollution

CVE-2026-21854 CRITICAL

Tarkov Data Manager < 2025-01-02 - Authentication Bypass

CVE-2024-14020 MEDIUM

NPM Carbone < 3.5.6 - Code Injection

NPM Apidoc-core - Prototype Pollution

Trpc Server < 10.45.3 - Prototype Pollution

CVE-2025-8083 HIGH

NPM Vuetify < 3.0.0-alpha.10 - Prototype Pollution

CVE-2025-66456 CRITICAL

Elysia <1.4.16 - Prototype Pollution

Page 1 of 18 Next

Details

Vulnerabilities 444

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy