Weaknesses of type CWE-1321

304 results
CVE | Severity | Description | EPSS
CVE-2026-42035 | HIGH | Axios: Header Injection via Prototype Pollution | EPSS 0.4%
CVE-2022-3901 | HIGH | Visioweb.js - Prototype Pollution can results in XSS | EPSS 0.4%
CVE-2025-57323 | HIGH | mpregular is a package that provides a small program development framework based on RegularJS. A Prototype Pollution vulnerability in the mp | EPSS 0.4%
CVE-2024-39000 | MEDIUM | adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers | EPSS 0.4%
CVE-2025-57326 | HIGH | A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties | EPSS 0.4%
CVE-2025-57348 | MEDIUM | The node-cube package (prior to version 5.0.0) contains a vulnerability in its handling of prototype chain initialization, which could allow | EPSS 0.4%
CVE-2026-42033 | HIGH | Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking | EPSS 0.4%
CVE-2026-34221 | HIGH | MikroORM has Prototype Pollution in Utils.merge | EPSS 0.4%
CVE-2025-62374 | MEDIUM | Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs | EPSS 0.4%
CVE-2026-30226 | MEDIUM | devalue has prototype pollution in devalue.parse and devalue.unflatten | EPSS 0.4%
CVE-2026-44290 | HIGH | protobufjs: Process-wide denial of service through unsafe option paths | EPSS 0.4%
CVE-2025-57349 | HIGH | The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype polluti | EPSS 0.4%
CVE-2026-8657 | HIGH | Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/for | EPSS 0.4%
CVE-2025-64718 | MEDIUM | js-yaml has prototype pollution in merge (<<) | EPSS 0.4%
CVE-2025-32014 | MEDIUM | estree-util-value-to-estree allows prototype pollution in generated ESTree | EPSS 0.4%
CVE-2026-2964 | LOW | higuma web-audio-recorder-js Dynamic Config Handling WebAudioRecorder.js extend prototype pollution | EPSS 0.4%
CVE-2025-57318 | HIGH | A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.pro | EPSS 0.4%
CVE-2025-57328 | HIGH | toggle-array is a package designed to enables a property on the object at the specified index, while disabling the property on all other obj | EPSS 0.4%
CVE-2025-26278 | HIGH | A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted pay | EPSS 0.4%
CVE-2025-57327 | HIGH | spmrc is a package that provides the rc manager for spm. A Prototype Pollution vulnerability in the set and config function of spmrc version | EPSS 0.4%