Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1321

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Parent: CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

501 vulnerabilities with CWE-1321

CVE-2025-61140 CRITICAL

dchester/jsonpath 1.1.1 - Prototype Pollution via Value Function

CVE-2025-13465 MEDIUM

lodash 4.0.0-4.17.22 - Prototype Pollution via _.unset and _.omit Functions

CVE-2025-13158 CRITICAL

apidoc-core >=0.2.0 - Prototype Pollution via Malformed Data Structures

CVE-2025-68130 HIGH

tRPC 10.27.0-10.45.2 and 11.0.0-11.7.9 - Prototype Pollution via FormData Field Names

CVE-2025-8083 HIGH

Vuetify 2.2.0-beta.2-3.0.0-alpha.10 - Prototype Pollution via Preset Configuration

CVE-2025-66456 CRITICAL

Elysia <1.4.16 - Prototype Pollution

CVE-2025-13204 HIGH

expr-eval < 2.0.2 - Prototype Pollution via JavaScript Expression Evaluation

CVE-2025-64718 MEDIUM

js-yaml < 3.14.2 and 4.0.0-4.1.1 - Prototype Pollution via __proto__

CVE-2025-62517 MEDIUM

rollbar.js < 2.26.5 and 3.0.0-alpha1-3.0.0-beta5 - Prototype Pollution via merge()

CVE-2025-62410 CRITICAL

happy-dom < 20.0.2 - Prototype Pollution via Incomplete Isolate Protection

CVE-2025-62381 HIGH

sveltekit-superforms < 2.27.4 - Prototype Pollution via parseFormData Function

CVE-2025-62374 MEDIUM

Parse < 7.0.0 - Prototype Pollution via ParseObject.fromJSON

CVE-2025-3193 HIGH

algoliasearch-helper 2.0.0-rc1-3.11.1 - Prototype Pollution via _merge() Function

CVE-2025-26278 HIGH

dref 0.1.2 - Denial of Service via Prototype Pollution in lib.set

CVE-2025-57324 MEDIUM

parse < 5.3.0 - Prototype Pollution via SingleInstanceStateController.initializeState

CVE-2025-57320 MEDIUM

json-schema-editor-visual < 1.1.1 - Prototype Pollution via setData and deleteData Functions

CVE-2025-57318 HIGH

csvjson < 5.1.0 - Prototype Pollution via toCsv Function

CVE-2025-57329 HIGH

web3-core-method < 1.10.4 - Prototype Pollution via attachToObject Function

CVE-2025-57328 HIGH

toggle-array < 1.0.1 - Prototype Pollution via Enable/Disable Function

CVE-2025-57327 HIGH

spmrc < 1.2.0 - Prototype Pollution via set and config Functions

CVE-2025-57326 HIGH

sassdoc-extras < 2.5.1 - Prototype Pollution via byGroupAndType Function

CVE-2025-57325 HIGH

rollbar < 2.26.4 - Prototype Pollution via utility.set Function

CVE-2025-57323 HIGH

mpregular < 0.2.0 - Prototype Pollution via mp.addEventHandler

CVE-2025-57321 CRITICAL

magix-combine-ex < 1.2.10 - Prototype Pollution via util-deps.addFileDepend

CVE-2025-57351 MEDIUM

ts-fns < 13.0.7 - Prototype Pollution via Insufficient Key Validation in assign Function

Previous Page 4 of 21 Next

Details

Vulnerabilities 501

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy