Lucene search
K

63 matches found

Snyk
Snyk
added 2026/02/11 8:56 p.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the /api/users endpoint. A remote attacker with a low-privileged API token can create new administrative users by abusing the "admin" parameter in a POST...

8.8CVSS5.7AI score0.00494EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/03 1:12 a.m.2 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Improperly Controlled Modification of...

6.3CVSS5.6AI score0.0027EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/13 8:37 p.m.3 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview @adonisjs/lucid is a SQL ORM built on top of Active Record pattern Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the merge and fill methods, as well as record creation and update functions. An attack...

8.2CVSS7.2AI score0.00473EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/10 8:31 a.m.6 views

EUVD-2025-202406

An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON paylo...

6.3CVSS6.6AI score0.00353EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/10 8:31 a.m.28 views

CVE-2025-9315 Unauthenticated Device Registration Vulnerability in MXsecurity Series

An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON paylo...

6.3CVSS0.00353EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.5 views

PT-2025-50311

An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON paylo...

6.3CVSS7AI score0.00353EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/19 7:19 p.m.4 views

CVE-2025-13081

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. Mitigation Mitigati...

5.9CVSS6.5AI score0.00223EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/18 6:32 p.m.5 views

EUVD-2025-198029

Drupal core allows Object Injection...

5.9CVSS6.6AI score0.00223EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/11/18 6:32 p.m.6 views

Drupal core allows Object Injection

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...

5.9CVSS7AI score0.00223EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/11/18 6:32 p.m.3 views

GHSA-M6VV-VCJ8-W8M7 Drupal core allows Object Injection

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...

7.4CVSS6.9AI score0.00223EPSS
Exploits0References3
NVD
NVD
added 2025/11/18 5:15 p.m.3 views

CVE-2025-13081

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...

5.9CVSS0.00223EPSS
Exploits0References1
OSV
OSV
added 2025/11/18 5:15 p.m.3 views

CVE-2025-13081

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...

5.9CVSS6.9AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/18 4:54 p.m.2 views

CVE-2025-13081 Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...

6.6AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/18 4:54 p.m.8 views

CVE-2025-13081 Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...

0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.5 views

Drupal core 安全漏洞

Drupal core is a free, open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal core versions prior to 10.4.9, 10.5.0 through 10.5.6, 11.0.0 through 11.1.9, and 11.2.0 through 11.2.8, which stems from an improperly controlled...

5.9CVSS6.5AI score0.00223EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/16 5:0 a.m.14 views

CVE-2025-6107 comfyanonymous comfyui utils.py set_attr dynamically-determined object attributes

A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function setattr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. It is possible to launch the attack remotely. The complexity of an...

3.1CVSS0.00366EPSS
Exploits0References5
Snyk
Snyk
added 2025/03/14 1:43 p.m.10 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview camaleoncms is a dynamic and advanced content management system based on Ruby on Rails as an alternative to Wordpress. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the updatedajax method of the...

9.9CVSS5.8AI score0.00566EPSS
Exploits16References2
Snyk
Snyk
added 2024/12/09 11:44 p.m.1 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the deserialization process. An attacker...

9.8CVSS7.7AI score0.00904EPSS
Exploits0References2
Snyk
Snyk
added 2024/12/09 11:44 p.m.1 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the deserialization process. An attacker can...

9.8CVSS7.8AI score0.00803EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/02/09 12:0 a.m.5 views

PT-2023-16375 · Yugabyte · Yugabyte Managed

Name of the Vulnerable Software and Affected Versions: Yugabyte Managed versions 2.0.0.0 through 2.13.0.0 Description: The issue affects Yugabyte Managed, allowing accessing functionality not properly constrained by ACLs, communication channel manipulation, and authentication abuse due to...

9.8CVSS9.5AI score0.00637EPSS
Exploits0References4
Rows per page
Query Builder