Lucene search

110 matches found

GitHub Security Blog
added 2026/05/21 9:25 p.m., 9 views

Twig: Sandbox property allowlist bypass via the `column` filter (array_column on objects)

Description: The `column` filter passes its input straight to PHP's native `array_column`. When the array elements are objects, `array_column` reads `$obj->$name` and `$obj->$index` directly, including invoking `__get`/`__isset`. Because this property read happens entirely in PHP native code and never reaches...

AI score 5.9
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2026/05/21 9:25 p.m., 4 views

GHSA-VCC8-PHRV-43WJ Twig: Sandbox property allowlist bypass via the `column` filter (array_column on objects)

Description: The `column` filter passes its input straight to PHP's native `array_column`. When the array elements are objects, `array_column` reads `$obj->$name` and `$obj->$index` directly, including invoking `__get`/`__isset`. Because this property read happens entirely in PHP native code and never reaches...

CVSS 2.1 | AI score 5.9
Exploits: 0 | References: 4
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in zabbix

The implementation of atob in "Zabbix JS" allows for creating a string with arbitrary content and using it to access internal properties of objects...

CVSS 8.8 | AI score 5.9 | EPSS 0.00378
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/13 12:0 a.m., 2 views

MiracleLinux 8 : thunderbird-140.4.0-2.el8_10.ML.1 (AXSA:2025-11006:25)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-11006:25 advisory. thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL...

CVSS 9.8 | AI score 7.1 | EPSS 0.00106
Exploits: 0 | References: 8
RedhatCVE
added 2026/01/09 9:59 a.m., 2 views

CVE-2020-7600

querymen prior to 2.1.4 allows modification of object properties. The parameters of the exported function `handler(type, name, fn)` can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...

CVSS 5.3 | AI score 6.7 | EPSS 0.00319
Exploits: 1 | References: 1
RedHat Linux
added 2025/11/12 1:48 a.m., 3 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

CVSS 9.8 | AI score 6.8 | EPSS 0.00106
Exploits: 0 | References: 8
RedHat Linux
added 2025/11/12 1:36 a.m., 4 views

thunderbird: firefox: Some non-writable Object properties could be modified

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...

CVSS 6.5 | AI score 6.5 | EPSS 0.00031
Exploits: 0 | References: 6
SUSE Linux
added 2025/11/10 8:0 a.m., 4 views

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issue: Mozilla Thunderbird is updated to 140.4. changed: Account Hub is now disabled by default for second email account bmo1992027 changed: Flatpak runtime has been updated to Freedesktop SDK 24.08 bmo1952100 fixed: Users could not read mail...

CVSS 9.8 | AI score 8 | EPSS 0.00106
Exploits: 0 | References: 18
Mageia
added 2025/10/23 7:37 p.m., 4 views

Updated thunderbird packages fix security vulnerabilities

CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could ...

CVSS 9.8 | AI score 7.9 | EPSS 0.00136
Exploits: 0 | References: 8
OSV
added 2025/10/23 7:37 p.m., 3 views

MGASA-2025-0246 Updated firefox, nss & rootcerts fix security vulnerabilities

CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could ...

CVSS 9.8 | AI score 7.9 | EPSS 0.00136
Exploits: 0 | References: 9
Mageia
added 2025/10/23 7:37 p.m., 2 views

Updated firefox, nss & rootcerts fix security vulnerabilities

CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could ...

CVSS 9.8 | AI score 7.9 | EPSS 0.00136
Exploits: 0 | References: 8
Tenable Nessus
added 2025/10/22 12:0 a.m., 3 views

AlmaLinux 10 : thunderbird (ALSA-2025:18320)

The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:18320 advisory. thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textur...

CVSS 9.8 | AI score 7.1 | EPSS 0.00106
Exploits: 0 | References: 9
OSV
added 2025/10/15 12:0 a.m., 1 views

ALSA-2025:18155 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11709...

CVSS 9.8 | AI score 7.1 | EPSS 0.00106
Exploits: 0 | References: 16
FreeBSD
added 2025/10/14 12:0 a.m., 3 views

Mozilla -- JavaScript Object property overriding

[email protected] reports: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...

CVSS 6.5 | AI score 6.9 | EPSS 0.00031
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-0900

Malware in sbrugna...

CVSS 5.3 | AI score 5.5 | EPSS 0.00319
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-1025

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.0039
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2012-1843

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00188
Exploits: 1 | References: 4
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-7249

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.4 | EPSS 0.00137
Exploits: 1 | References: 8
RedhatCVE
added 2025/05/22 7:42 a.m., 5 views

CVE-2019-10808

utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype...

CVSS 8.8 | AI score 6.7 | EPSS 0.0039
Exploits: 1 | References: 1
Veracode
added 2025/04/16 1:22 p.m., 3 views

Prototype Pollution

estree-util-value-to-estree is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of object properties due to generating ESTree expressions that interpret `__proto__` as a prototype rather than a normal property...

CVSS 6.9 | AI score 6.6 | EPSS 0.00564
Exploits: 0 | References: 2 | Affected Software: 1