FAIL › dossier
Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2021-05-03 | CVE-2021-28860 | critical | ⚡RCE | 50 | In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at ri |
“CVE-2021-28860: In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions.”
“Database CVE, CWE, CISA KEV & Vulnerability Intelligence | CVE Find”
“CVEs and Security Vulnerabilities - OpenCVE”
“Active Exploitation Alert: Critical CVE-2026-20896 Authentication Bypass in Gitea Docker Image Exposes Repositories and Secrets”
“Security researchers are warning organizations using Gitea act_runner with the Docker backend to review their deployments after proof-of-concept (PoC) code for CVE-2026-58053 was publicly released”
“ICS Advisories | CISA”
“U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog”