57 matches found
CVE-2025-24887
OpenCTI has a CVE-2025-24887 vulnerability affecting versions 6.4.8–6.4.9. The issue lets a user bypass the allow/deny lists to modify attributes meant to be immutable, including toggling the external flag, changing a user’s own token, and editing non-allow-listed attributes such as otp_qr and ot...
PT-2025-18314 · Opencti · Opencti
Name of the Vulnerable Software and Affected Versions: OpenCTI versions 6.4.8 through 6.4.9 Description: The issue allows a user to bypass allow/deny lists and modify attributes that are intended to be unmodifiable. This includes toggling the external flag on/off, changing the own token value for...
CVE-2025-21840
In the Linux kernel, the following vulnerability has been resolved: thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header The intel-lpmd tool 1, which uses the THERMALGENLATTRCPUCAPABILITY attribute to receive HFI events from kernel space, encounters a segmentation fault...
PT-2025-34411
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the hfsplus filesystem. Syzbot reported an issue where a mutex lock check in hfsplus free extents could trigger warnings and errors during...
Vulnerability of JetBrains YouTrack’s data merging functions, which allows attackers to execute a “ prototype contamination ” attack.
The vulnerability of the data merging functions in the JetBrains YouTrack project and task management software is related to the uncontrolled modification of prototype object attributes. Exploiting this vulnerability could allow a malicious actor to execute an “infection of the prototype” attack...
CVE-2024-40575
An issue in Huawei Technologies opengauss openGauss 5.0.0 build v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview org.webjars.npm:ag-grid-enterprise is an Advanced Data Grid / Data Table supporting Javascript / Typescript / React / Angular / Vue Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the .mergeDeep...
AnythingLLM 安全漏洞
AnythingLLM is a document chatbot that meets business requirements. A security vulnerability exists in AnythingLLM that stems from vulnerability to improper neutralization in the use of special elements in expression language statements, allowing all existing attributes of a database entity to be...
SUSE CVE-2019-16328
In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings...
CVE-2022-34621
Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference IDOR vulnerability which allows attackers to modify user passwords and other attributes via modification of the userid parameter...
Prototype Pollution
dset is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the merge function in the merge.js and modify attributes such as proto, constructor, and prototype...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the block editor. An attacker can manipulate the object prototyp...
Prototype Pollution
putil-merge is vulnerable to prototype pollution. The vulnerability exists due to the validations are not handled properly in the merge method in merge.js file which allows an attacker to inject properties into existing construct prototypes and modify attributes...
the function deepFromFlat of underscore.deep is vulnerable to prototype pollution
Prototype Pollution in Clever/underscore.deep Reported on Feb 2nd 2022 | Timothee Desurmont Description Vulnerability type: CWE-1321 Version 0.5.1 of underscore.deep is vulnerable to prototype pollution; the function deepFromFlat in underscore.deep.js do not check if the attribute resolves to the...
Prototype Pollution
keyget is vulnerable to prototype pollution. The vulnerability exists in set and push methods of index.js because the validations are not handled properly which allows an attacker to inject properties into existing construct prototypes and modify attributes...
Prototype Pollution
oro/platform is vulnerable to prototype pollution. An attacker is able to inject arbitrary properties into existing construct prototypes and modify attributes such as proto, constructorprototype, and constructor.prototype...
Prototype Pollution
json-ptr is vulnerable to prototype pollution. The vulnerability exists in 'setValueAtPath' and 'unsetValueAtPath' functions in 'util.ts' because the type of user provided keys are not properly validated. An attacker is able to inject properties into existing construct prototypes and modify...
Prototype Pollution
jsonpointer is vulnerable to prototype pollution vulnerability. An attacker is able to inject arbitrary properties into existing construct prototypes and modification of attributes such as proto, constructor and prototype...
Prototype Pollution
paypal-adaptive is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype via the PayPal function...
GHSA-6CJ2-92M5-7MVP Improperly Controlled Modification of Object Prototype Attributes
Impact The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. Patches [email protected] patched it, anyone used think-config should...