Prototype Pollution Archives • Daily CyberSecurity

React Router Vulnerabilities Patched in New Framework Releases

React Router vulnerabilities patch React Router Vulnerabilities CVE-2025-61686

React Router Vulnerabilities Patched in New Framework Releases

Do Son June 4, 2026

Security teams recently discovered multiple flaws in a popular web development package. Specifically, these critical React Router...

New Patches Eradicate Dangerous Axios Proxy Vulnerabilities Axios proxy vulnerabilities prototype pollution gadget Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

Axios proxy vulnerabilities prototype pollution gadget Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

New Patches Eradicate Dangerous Axios Proxy Vulnerabilities

Do Son June 4, 2026

The popular JavaScript HTTP client library Axios recently released critical fixes to patch major security flaws. Specifically,...

Three Critical 9.4 CVSS Flaws Expose n8n Automation Nodes to Full RCE n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

Three Critical 9.4 CVSS Flaws Expose n8n Automation Nodes to Full RCE

Do Son May 18, 2026

Technical teams using the popular workflow automation platform n8n are facing a high-stakes security advisory after researchers...

Workflow Warning: The n8n CVSS 10.0 Prototype Pollution Crisis n8n RCE Automation Security n8n Vulnerability Prototype Pollution RCE

Workflow Warning: The n8n CVSS 10.0 Prototype Pollution Crisis

Do Son April 24, 2026

In the world of rapid development, n8n has become a favorite for technical teams looking to merge...

CVE-2026-40175 (CVSS 10): Critical Axios Vulnerability and Exploit Code Disclosed Publicly Axios proxy vulnerabilities prototype pollution gadget Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

CVE-2026-40175 (CVSS 10): Critical Axios Vulnerability and Exploit Code Disclosed Publicly

Do Son April 12, 2026

A critical security vulnerability in Axios, the ubiquitous promise-based HTTP client for Node.js and the browser, has...

Lodash Patches High-Severity Code Injection Vulnerability Lodash Code Injection CVE-2026-4800

Lodash Patches High-Severity Code Injection Vulnerability

Do Son April 2, 2026

In the world of modern JavaScript, Lodash is the undisputed heavyweight champion of utility libraries, providing the...

NocoBase Critical Alert: Sandbox Escape Grants Attackers Root Access NocoBase RCE Sandbox Escape

NocoBase Critical Alert: Sandbox Escape Grants Attackers Root Access

Do Son April 1, 2026

A critical vulnerability has been unearthed in NocoBase, the AI-powered platform designed for infinite extensibility. The flaw,...

The Weakest Link: Popular Node.js Config Library “Convict” Hit by Prototype Pollution Prototype Pollution node-convict Vulnerability

The Weakest Link: Popular Node.js Config Library “Convict” Hit by Prototype Pollution

Do Son March 30, 2026

A critical vulnerability has been uncovered in node-convict, the widely used configuration management library designed to make...

Critical 9.4 CVSS RCE Flaws in n8n Turn Workflows into Backdoors n8n RCE Automation Security n8n Vulnerability Prototype Pollution RCE

Critical 9.4 CVSS RCE Flaws in n8n Turn Workflows into Backdoors

Do Son March 27, 2026

Security researchers have disclosed two critical vulnerabilities in n8n, the popular fair-code workflow automation platform used by...

CVE-2026-27212: Critical Swiper Prototype Pollution Flaw (CVSS 9.4) Exposes Global Apps Swiper npm Vulnerability CVE-2026-27212

CVE-2026-27212: Critical Swiper Prototype Pollution Flaw (CVSS 9.4) Exposes Global Apps

Do Son February 24, 2026

If your web or mobile application relies on smooth, touch-friendly interfaces, there is a high probability you...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Sandbox Breakout: Critical SandboxJS Flaw (CVE-2026-25881) Allows Host Takeover

Do Son February 11, 2026

A critical vulnerability has been discovered in SandboxJS, a popular library designed to safely execute untrusted JavaScript...

HTTP Down: High-Severity Axios Flaw (CVSS 7.5) Crashes Node.js Servers Axios proxy vulnerabilities prototype pollution gadget Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

HTTP Down: High-Severity Axios Flaw (CVSS 7.5) Crashes Node.js Servers

Do Son February 10, 2026

A high-severity vulnerability has been discovered in Axios, the immensely popular HTTP client used by millions of...

“RondoDoX” Strikes Back: Exposed Logs Reveal Massive 9-Month Campaign Targeting Next.js and IoT AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

“RondoDoX” Strikes Back: Exposed Logs Reveal Massive 9-Month Campaign Targeting Next.js and IoT

Do Son December 31, 2025

The RondoDoX botnet has resurfaced with a potent new arsenal, shifting its sights from simple routers to...

CVE-2025-25014 (CVSS 9.1): Prototype Pollution in Kibana Opens Door to Code Execution CVE-2024-43707 Kibana vulnerability Prototype pollution CVE-2025-25014

CVE-2024-43707 Kibana vulnerability Prototype pollution CVE-2025-25014

CVE-2025-25014 (CVSS 9.1): Prototype Pollution in Kibana Opens Door to Code Execution

Do Son May 7, 2025

Elastic has issued a critical security advisory for Kibana, warning users of a vulnerability tracked as CVE-2025-25014....

Kibana Code Injection Vulnerability: Prototype Pollution Threat (CVE-2024-12556) CVE-2024-43707 Kibana vulnerability Prototype pollution CVE-2025-25014

Kibana Code Injection Vulnerability: Prototype Pollution Threat (CVE-2024-12556)

Do Son April 9, 2025

A newly disclosed vulnerability in Kibana, the popular open-source data visualization front-end for Elasticsearch, has been rated...

CVE-2024-21512: MySQL2 Vulnerability Puts Millions of Downloads at Risk

Do Son June 3, 2024

MySQL2, a popular MySQL client library for Node.js with over 2 million monthly downloads, has been found...