Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1321

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Parent: CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

501 vulnerabilities with CWE-1321

CVE-2026-27524 MEDIUM

OpenClaw < 2026.2.21 - Prototype Pollution via Debug Override Path

CVE-2026-4239 LOW

Lagom WHMCS Template Datatables prototype pollution

CVE-2026-32621 CRITICAL

Apollo Federation has prototype pollution via incomplete key sanitization

CVE-2026-30226 HIGH

Svelte devalue <=5.6.3 - Deserialization

CVE-2026-30939 HIGH

Parse Server <8.6.13/9.5.1-alpha.2 - DoS

CVE-2026-29063 CRITICAL

Immutable.js <3.8.3/4.3.7/5.1.5 - Prototype Pollution

CVE-2026-28794 CRITICAL

@orpc/client <1.13.6 - Deserialization

CVE-2026-30785 MEDIUM

rustdesk < 1.4.5 - Prototype Pollution and Insufficient Password Hash Effort

CVE-2026-27837 MEDIUM

Dottie 2.0.4-2.0.6 - Prototype Pollution

CVE-2026-2964 MEDIUM

higuma web-audio-recorder-js 0.1/0.1.1 - Prototype Pollution

CVE-2026-27212 HIGH

Swiper 6.5.1-12.1.1 - Prototype Pollution

CVE-2026-26021 CRITICAL

set-in 2.0.1-2.0.4 - Prototype Pollution via Array.prototype

CVE-2026-25881 CRITICAL

sandboxjs < 0.8.31 - Prototype Pollution via Array Literal Taint Bypass

CVE-2026-25754 HIGH

AdonisJS bodyparser < 10.1.3 - Prototype Pollution via Multipart Form-Data Parsing

CVE-2026-25521 HIGH

locutus 2.0.12-2.0.38 - Prototype Pollution via String.prototype

CVE-2026-25150 CRITICAL

Qwik and Qwik City < 1.19.0 - Unauthenticated Prototype Pollution via formToObj Function

CVE-2026-25142 CRITICAL

SandboxJS < 0.8.27 - Prototype Pollution via __lookupGetter__

CVE-2026-25047 HIGH

deephas < 1.0.8 - Prototype Pollution

CVE-2026-24888 MEDIUM

maker.js <= 0.19.1 - Prototype Pollution via makerjs.extendObject

CVE-2026-24766 MEDIUM

NocoDB < 0.301.0 - Authenticated Prototype Pollution via /api/v2/meta/connection/test Endpoint

CVE-2026-23736 HIGH

seroval <1.4.1 - Prototype Pollution

CVE-2026-21854 CRITICAL

Tarkov Data Manager < 2025-01-02 - Unauthenticated Authentication Bypass via Prototype Pollution

CVE-2025-63704 CRITICAL

query-parser-string 1.0.0 - Prototype Pollution

CVE-2025-63703 CRITICAL

parse-ini 1.0.6 - Prototype Pollution

CVE-2025-70956 HIGH

TON Virtual Machine < v2025.04 - State Pollution via Non-Atomic Child VM Initialization

Previous Page 3 of 21 Next

Details

Vulnerabilities 501

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy