13 matches found
CVE-2025-14341
Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...
GHSA-45VW-WH46-2VX8 Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation
Description The `obj.(expr)` dynamic-attribute syntax added in 3.15.0 as the replacement for the deprecated `attribute` function lets the attribute be an arbitrary expression. When the receiver is `_self` or any `{% import %}` alias and the parenthesised expression is a string literal, DotExpressionParser...
Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation
Description The `obj.(expr)` dynamic-attribute syntax added in 3.15.0 as the replacement for the deprecated `attribute` function lets the attribute be an arbitrary expression. When the receiver is `_self` or any `{% import %}` alias and the parenthesised expression is a string literal, DotExpressionParser...
PT-2026-42591
Description The `obj.(expr)` dynamic-attribute syntax added in 3.15.0 as the replacement for the deprecated `attribute` function lets the attribute be an arbitrary expression. When the receiver is `_self` or any `{% import %}` alias and the parenthesised expression is a string literal, DotExpressionParser...
PT-2026-42692
Name of the Vulnerable Software and Affected Versions Twig versions 3.15.0 through 3.x Description The `obj.(expr)` dynamic-attribute syntax allows the attribute to be an arbitrary expression. When the receiver is `_self` or any `{% import %}` alias and the parenthesised expression is a string literal, the...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview drupal/core is an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes due to Improperly Controlled Modification of...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the PUT /api/v1/assistants/assistantId endpoint, when the server fails to validate and restrict modifications to...
CVE-2025-14341
Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...
CVE-2025-14341 Input Data Manipulation in DivvyDrive Information Technologies' DivvyDrive
Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...
PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code
Summary The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. The blocklist implemented in PluginSecurity.validate_plugin_code is incomplete and can be bypassed using several Python constructs that are not checked. An...
ComfyUI security vulnerability
ComfyUI is one of the most powerful and modular diffusion model GUIs and backends for comfyanonymous individual developers. A security vulnerability exists in ComfyUI version 0.3.40, which stems from a dynamic attribute issue that could lead to object attribute manipulation...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview org.webjars.npm:ag-grid-enterprise is an Advanced Data Grid / Data Table supporting Javascript / Typescript / React / Angular / Vue. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the .mergeDeep...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the block editor. An attacker can manipulate the object prototyp...