CVE-2025-5150 – “Docarray Web API Prototype Pollution Vulnerability”

May 25, 2025

CVE ID : CVE-2025-5150

Published : May 25, 2025, 3:15 p.m. | 1 hour, 52 minutes ago

Description : A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticlePacket lets you share files

Next Article CVE-2025-5149 – WCMS Remote Authentication Bypass

Highlights

CVE-2025-53890 – Pyload CAPTCHA JavaScript Evaluation Remote Code Execution

July 15, 2025

CVE ID : CVE-2025-53890

Published : July 15, 2025, 12:15 a.m. | 2 hours, 14 minutes ago

Description : pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in session hijacking, credential theft, and full system remote code execution. Commit 909e5c97885237530d1264cfceb5555870eb9546, the patch for the issue, is included in version 0.5.0b3.dev89.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The state of DevOps and AI: Not just hype

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Look out, Meta Ray-Bans! These AI glasses just raised over $1M in pre-orders in 3 days

Samsung ‘Galaxy Glasses’ powered by Android XR are reportedly on track to be unveiled this month

The M4 iPad Pro is discounted $100 as a last-minute Labor Day deal

Distribution Release: Linux From Scratch 12.4

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

August report 2025

Fake News Detection using Python Machine Learning (ML)

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Download Transcribe! for Windows

Microsoft Fixes CertificateServicesClient (CertEnroll) Error in Windows 11

CVE-2025-5150 – “Docarray Web API Prototype Pollution Vulnerability”

Hacker suspected of trying to cheat his way into university is arrested in Spain

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

The Designer’s Guide to Large Language Models

What is the difference between CBT and SFT?

How our principles helped define AlphaFold’s release

md5 – generate / check MD5 message digest

CVE-2025-53890 – Pyload CAPTCHA JavaScript Evaluation Remote Code Execution

Love Arc browser? You can get early access to its new AI-powered replacement

Is your TV sluggish? How to update its firmware via USB stick to speed it up

CVE-2025-35983 – Cisco Controller 7000 Certificate Validation Denial of Service

CVE-2025-5150 – “Docarray Web API Prototype Pollution Vulnerability”

Related Posts