Threats Tagged 'cve-2026-33228'
View all threats tagged with 'cve-2026-33228'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-33228'
Click on any threat for detailed analysis and mitigation recommendations
GCVE Database | 06/02/2026, 13:10:36 UTC Added: 05/26/2026, 20:58:28 UTC | |
Red Hat Security Advisory: Network Observability 1.11.2 for OpenShiftCVE-2025-62718 0 Network flows collector and monitoring solution. Join the discussion | GCVE Database | 05/13/2026, 07:11:01 UTC Added: 05/26/2026, 20:58:28 UTC |
Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release UpdateCVE-2025-62718 0 Red Hat Advanced Cluster Security for Kubernetes (RHACS) version 4.9.7 includes important security and bug fixes addressing multiple vulnerabilities, including CVE-2025-62718 and several others. The update resolves issues such as inconsistent CVE severity reporting and multiple security flaws identified in the product. Users of earlier RHACS versions are advised to upgrade to 4.9.7 to benefit from these fixes and enhancements. Join the discussion | GCVE Database | 06/09/2026, 17:09:44 UTC Added: 05/26/2026, 20:58:27 UTC |
Red Hat Security Advisory: Kiali 2.11.9 for Red Hat OpenShift Service Mesh 3.1CVE-2025-62718 0 Kiali 2.11.9, for Red Hat OpenShift Service Mesh 3.1, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently. Security Fix(es): * CVE-2025-62718 Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization (OSSM-13231, OSSM-13234) * CVE-2026-25679 Incorrect parsing of IPv6 host literals in net/url (OSSM-12921) * CVE-2026-29074 SVGO: Denial of Service via XML entity expansion (OSSM-12897, OSSM-12898) * CVE-2026-29063 Immutable.js: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (OSSM-12977, OSSM-12978) * CVE-2026-33186 gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (OSSM-13012) * CVE-2026-4800 lodash: Arbitrary code execution via untrusted input in template imports (OSSM-13119, OSSM-13120) * CVE-2026-34986 Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (OSSM-13147) * CVE-2026-40175 Axios: Remote Code Execution via Prototype Pollution escalation (OSSM-13256, OSSM-13257) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Join the discussion | GCVE Database | 04/16/2026, 14:03:40 UTC Added: 05/26/2026, 20:57:54 UTC |
CVE-2026-33228: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in WebReflection flattedCVE-2026-33228 0 flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key "__proto__" returns Array.prototype via the inherited getter. This object is then treated as a legitimate parsed value and assigned as a property of the output object, effectively leaking a live reference to Array.prototype to the consumer. Any code that subsequently writes to that property will pollute the global prototype. This issue has been patched in version 3.4.2. Join the discussion | CVE Database V5 | 03/20/2026, 23:06:48 UTC Added: 03/20/2026, 23:12:40 UTC |
Showing 1 to 5 of 5 results