Lucene search
K

57 matches found

CVE
CVE
added 2025/04/30 6:27 p.m.70 views

CVE-2025-24887

OpenCTI has a CVE-2025-24887 vulnerability affecting versions 6.4.8–6.4.9. The issue lets a user bypass the allow/deny lists to modify attributes meant to be immutable, including toggling the external flag, changing a user’s own token, and editing non-allow-listed attributes such as otp_qr and ot...

6.3CVSS6.3AI score0.00202EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/30 12:0 a.m.8 views

PT-2025-18314 · Opencti · Opencti

Name of the Vulnerable Software and Affected Versions: OpenCTI versions 6.4.8 through 6.4.9 Description: The issue allows a user to bypass allow/deny lists and modify attributes that are intended to be unmodifiable. This includes toggling the external flag on/off, changing the own token value for...

6.3CVSS6.3AI score0.00202EPSS
Exploits0References8
NVD
NVD
added 2025/03/07 9:15 a.m.9 views

CVE-2025-21840

In the Linux kernel, the following vulnerability has been resolved: thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header The intel-lpmd tool 1, which uses the THERMALGENLATTRCPUCAPABILITY attribute to receive HFI events from kernel space, encounters a segmentation fault...

5.5CVSS0.00191EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.8 views

PT-2025-34411

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the hfsplus filesystem. Syzbot reported an issue where a mutex lock check in hfsplus free extents could trigger warnings and errors during...

5.5CVSS6.1AI score0.00121EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/12/06 12:0 a.m.21 views

Vulnerability of JetBrains YouTrack’s data merging functions, which allows attackers to execute a “ prototype contamination ” attack.

The vulnerability of the data merging functions in the JetBrains YouTrack project and task management software is related to the uncontrolled modification of prototype object attributes. Exploiting this vulnerability could allow a malicious actor to execute an “infection of the prototype” attack...

4.2CVSS5.6AI score0.0031EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/07/24 4:15 p.m.6 views

CVE-2024-40575

An issue in Huawei Technologies opengauss openGauss 5.0.0 build v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2024/07/01 1:40 p.m.3 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview org.webjars.npm:ag-grid-enterprise is an Advanced Data Grid / Data Table supporting Javascript / Typescript / React / Angular / Vue Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the .mergeDeep...

6.3CVSS6AI score0.00827EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/05/26 12:0 a.m.6 views

AnythingLLM 安全漏洞

AnythingLLM is a document chatbot that meets business requirements. A security vulnerability exists in AnythingLLM that stems from vulnerability to improper neutralization in the use of special elements in expression language statements, allowing all existing attributes of a database entity to be...

4.9CVSS5.2AI score0.00356EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:8 a.m.3 views

SUSE CVE-2019-16328

In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings...

7.5CVSS7.8AI score0.13049EPSS
Exploits2References5
Cvelist
Cvelist
added 2022/08/19 1:21 p.m.25 views

CVE-2022-34621

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference IDOR vulnerability which allows attackers to modify user passwords and other attributes via modification of the userid parameter...

6.7AI score0.01106EPSS
Exploits0References5
Veracode
Veracode
added 2022/05/04 3:46 p.m.17 views

Prototype Pollution

dset is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the merge function in the merge.js and modify attributes such as proto, constructor, and prototype...

8.1CVSS4.1AI score0.0176EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2022/03/11 12:0 a.m.1 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the block editor. An attacker can manipulate the object prototyp...

5.4CVSS6.9AI score
Exploits0References2
Veracode
Veracode
added 2022/02/07 7:25 a.m.16 views

Prototype Pollution

putil-merge is vulnerable to prototype pollution. The vulnerability exists due to the validations are not handled properly in the merge method in merge.js file which allows an attacker to inject properties into existing construct prototypes and modify attributes...

9.8CVSS3.6AI score0.01266EPSS
Exploits1References2Affected Software1
Huntr
Huntr
added 2022/02/02 11:59 a.m.26 views

the function deepFromFlat of underscore.deep is vulnerable to prototype pollution

Prototype Pollution in Clever/underscore.deep Reported on Feb 2nd 2022 | Timothee Desurmont Description Vulnerability type: CWE-1321 Version 0.5.1 of underscore.deep is vulnerable to prototype pollution; the function deepFromFlat in underscore.deep.js do not check if the attribute resolves to the...

7.5CVSS1.5AI score0.00976EPSS
Exploits1
Veracode
Veracode
added 2022/01/31 10:29 p.m.10 views

Prototype Pollution

keyget is vulnerable to prototype pollution. The vulnerability exists in set and push methods of index.js because the validations are not handled properly which allows an attacker to inject properties into existing construct prototypes and modify attributes...

9.8CVSS3.3AI score0.01678EPSS
Exploits1References1Affected Software1
Veracode
Veracode
added 2022/01/06 7:58 a.m.12 views

Prototype Pollution

oro/platform is vulnerable to prototype pollution. An attacker is able to inject arbitrary properties into existing construct prototypes and modify attributes such as proto, constructorprototype, and constructor.prototype...

8.8CVSS3.9AI score0.01094EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2021/11/05 9:55 a.m.22 views

Prototype Pollution

json-ptr is vulnerable to prototype pollution. The vulnerability exists in 'setValueAtPath' and 'unsetValueAtPath' functions in 'util.ts' because the type of user provided keys are not properly validated. An attacker is able to inject properties into existing construct prototypes and modify...

9.8CVSS3.3AI score0.01769EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2021/11/05 8:48 a.m.22 views

Prototype Pollution

jsonpointer is vulnerable to prototype pollution vulnerability. An attacker is able to inject arbitrary properties into existing construct prototypes and modification of attributes such as proto, constructor and prototype...

9.8CVSS4AI score0.02539EPSS
Exploits1References2Affected Software2
Veracode
Veracode
added 2021/10/07 7:47 a.m.9 views

Prototype Pollution

paypal-adaptive is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype via the PayPal function...

5.3CVSS6.7AI score0.0101EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2021/08/03 4:48 p.m.10 views

GHSA-6CJ2-92M5-7MVP Improperly Controlled Modification of Object Prototype Attributes

Impact The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. Patches [email protected] patched it, anyone used think-config should...

7.5CVSS6.9AI score
Exploits0References2
Rows per page
Query Builder