CWE-1321
Prototype Pollution
MITRE
No catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
showing 7 of 7
- CVE-2026-53609 · Critical · 9.1 · 15 h ago
  ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, `apos.util.set()` traverses dot-notation paths without sanitizing `__proto__`, allowing an authenticated editor to write arbitrary va
- CVE-2026-44490 · — · EPSS 0% · 18 h ago
  axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions
  npm
- CVE-2026-44495 · — · EPSS 0% · 18 h ago
  axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge
  npm
- CVE-2026-44494 · — · EPSS 0% · 18 h ago
  axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`
  npm
- CVE-2026-34621 · High · 8.6 · KEV · EPSS 11% · 20 h ago
  Adobe Acrobat and Reader Prototype Pollution Vulnerability
- CVE-2026-44489 · Low · 3.7 · EPSS 0% · 1 d ago
  Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix
  npm
- CVE-2026-46625 · High · 7.5 · EPSS 0% · 1 d ago
  JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign() helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the
  npm
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.