CVE-2026-46625: JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection — Zero Day Monitor