Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the setByPath function which can lead to remote code...
9.8 CVSS
9.7 AI Score
0.003 EPSS
Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these frequencies are...
7.6 CVSS
7.6 AI Score
0.001 EPSS
All versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js...
7.5 CVSS
7.5 AI Score
0.001 EPSS
Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers),...
9.8 CVSS
9.5 AI Score
0.004 EPSS
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing...
4.2 CVSS
4.2 AI Score
0.001 EPSS
All versions of package dot-notes are vulnerable to Prototype Pollution via the create...
9.8 CVSS
9.4 AI Score
0.005 EPSS
eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution. The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a 'proto'...
5.3 CVSS
5.2 AI Score
0.001 EPSS
The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on...
8.8 CVSS
8.4 AI Score
0.001 EPSS
dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a proto...
6.3 CVSS
6.3 AI Score
0.001 EPSS
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as...
7.3 CVSS
7.2 AI Score
0.002 EPSS
In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted tags in packages being fetched by gddo to cause a directory traversal and remote code...
9.8 CVSS
9.6 AI Score
0.014 EPSS
Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the user still...
3.3 CVSS
4.2 AI Score
0.001 EPSS