Weaknesses of type CWE-1321
304 resultsCVE-2025-57329HIGHweb3-core-method is a package designed to creates the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObjectEPSS 0.4%CVE-2025-57325HIGHrollbar is a package designed to effortlessly track and debug errors in JavaScript applications. This package includes advanced error trackiEPSS 0.4%CVE-2025-57318HIGHA Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.proEPSS 0.4%CVE-2026-25754HIGHAdonisJS multipart body parsing has Prototype Pollution issueEPSS 0.4%CVE-2025-3197MEDIUMVersions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand() function in index.js. This function eEPSS 0.4%CVE-2026-46625HIGHJavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injectionEPSS 0.4%CVE-2025-62517MEDIUMRollbar.js Prototype Pollution Vulnerability in merge()EPSS 0.4%CVE-2025-68130HIGHtRPC has possible prototype pollution in `experimental_nextAppDirCaller`EPSS 0.4%CVE-2026-24766MEDIUMNocoDB Vulnerable to Prototype Pollution in Connection Test Endpoint, Leading to DoSEPSS 0.3%CVE-2025-57820HIGHSvelte devalue vulnerable to prototype pollutionEPSS 0.3%CVE-2026-32878MEDIUMParse Server vulnerable to schema poisoning via prototype pollution in deep copyEPSS 0.3%CVE-2026-34626MEDIUMAcrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)EPSS 0.3%CVE-2026-6594MEDIUMbrikcss merge prototype pollutionEPSS 0.3%CVE-2026-6621MEDIUM1024bit extend-deep index.js prototype pollutionEPSS 0.3%CVE-2025-61140CRITICALThe value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.EPSS 0.3%CVE-2025-57352MEDIUMA vulnerability exists in the 'min-document' package prior to version 2.19.0, stemming from improper handling of namespace operations in theEPSS 0.3%CVE-2025-57324MEDIUMparse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeStatEPSS 0.3%CVE-2025-57353MEDIUMThe Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Due to insufficient vaEPSS 0.3%CVE-2025-62410CRITICAL--disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-domEPSS 0.3%CVE-2025-13465MEDIUMPrototype Pollution Vulnerability in Lodash _.unset and _.omit functionsEPSS 0.3%