Lucene search
K

21 matches found

Snyk
Snyk
added 2026/06/23 9:23 p.m.5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the BeanDeserializerBase.createContextual method, which applies the per-property exclusions through handleByNameInclusion and then rebuilds the property m...

6.9CVSS5.8AI score0.00345EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/20 12:31 a.m.10 views

Drupal core allows Object Injection

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

6.6CVSS5.4AI score0.00399EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/14 4:19 p.m.22 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through improper handling of the Object.assign process in the dataset service. An attacker can gain unauthorized access to...

7.7CVSS5.8AI score0.00335EPSS
Exploits0References2
Redos
Redos
added 2026/05/13 12:0 a.m.12 views

ROS-20260513-73-0019

Vulnerability in lxd due to insufficient control over modification of dynamically defined object characteristics. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

9.1CVSS6.2AI score0.00274EPSS
Exploits1
EUVD
EUVD
added 2026/05/07 3:38 p.m.9 views

EUVD-2025-209720

Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...

8.3CVSS5.8AI score0.00221EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/24 4:37 p.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the objecttoexecution.go process. An attacker can execute unauthorized actions or inject malicious content by providing crafted AI-generated YAML that is...

8.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/04/10 10:10 p.m.6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview mathjs is a math library for JavaScript and Node.js. It features a flexible expression parser with support for symbolic computation, comes with a large set of built-in functions and constants, and offers an integrated solution to work with diff. Affected versions of this package are...

8.8CVSS6AI score
Exploits0References3
CVE
CVE
added 2026/04/01 12:45 a.m.27 views

CVE-2026-5248

Summary : CVE-2026-5248 affects gougucms 4.08.18, specifically the function reg_submit in gougucms-master\app\home\controller\Login.php (User Registration Handler). The issue involves manipulation of the argument level that leads to dynamically-determined object attributes, enabling a potential r...

6.5CVSS6.1AI score0.00237EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/01 12:45 a.m.3 views

CVE-2026-5248

A vulnerability has been found in gougucms 4.08.18. This affects the function regsubmit of the file gougucms-master\app\home\controller\Login.php of the component User Registration Handler. Such manipulation of the argument level leads to dynamically-determined object attributes. The attack may b...

6.5CVSS6.1AI score0.00237EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/18 8:10 p.m.3 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview deepdiff is a Deep Difference and Search of any Python object/data. Recreate objects by adding adding deltas to each other. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the RestrictedUnpickler...

8.7CVSS5.8AI score0.00452EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.6 views

Moxa MXsecurity Series 安全漏洞

Moxa MXsecurity Series is an industrial network security management software platform from Moxa Corporation of Taiwan, China. A security vulnerability exists in Moxa MXsecurity Series that stems from improperly controlled modification of dynamically determined object attributes, which could lead ...

6.3CVSS6.8AI score0.00405EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/09/04 11:23 p.m.4 views

SUSE CVE-2025-38696

In the Linux kernel, the following vulnerability has been resolved: MIPS: Don't crash in stacktop for tasks without ABI or vDSO Not all tasks have an ABI associated or vDSO mapped, for example kthreads never do. If such a task ever ends up calling stacktop, it will derefence the NULL ABI pointer...

5.5CVSS6.5AI score0.00171EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/12/12 12:0 a.m.8 views

The vulnerability of the Drupal CMS system’s kernel lies in the insufficient control over the modification of dynamically defined object properties, allowing attackers to execute arbitrary code.

The vulnerability of the Drupal CMS system’s kernel is related to insufficient control over the modification of dynamically defined object properties. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS8.1AI score0.00956EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/11/03 12:0 a.m.10 views

The vulnerability of the chart.js component in the IBM Data Risk Manager application, which is designed for identifying, analyzing, and visualizing business risks. This vulnerability allows a malicious actor to execute arbitrary code.

The vulnerability of the chart.js component in the IBM Data Risk Manager application, which is used for identifying, analyzing, and visualizing business risks, stems from insufficient control over the modification of dynamically defined object properties. Exploiting this vulnerability could allow...

7.8CVSS7.7AI score0.04678EPSS
Exploits1References8Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/11/12 12:0 a.m.12 views

The vulnerability of the datatables.net package’s DataTables library allows a hacker to execute arbitrary code or cause a denial-of-service attack.

The vulnerability of the datatables.net package’s DataTables library is related to insufficient control over modifications to dynamically defined object properties. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service failures...

7.5CVSS7AI score0.0367EPSS
Exploits2References10Affected Software3
Github Security Blog
Github Security Blog
added 2019/11/20 1:35 a.m.22 views

Duplicate Advisory: Possible remote code execution via a remote procedure call

Withdrawn: duplicate of GHSA-pj4g-4488-wmxm Original Description In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings...

7.5CVSS7.4AI score0.13049EPSS
Exploits2References8Affected Software1
OSV
OSV
added 2015/04/01 12:13 p.m.3 views

MGASA-2015-0122 Updated python-rope packages fix security vulnerabilities

The python-rope utility has been caught passing remotely supplied data to pickle.load, enabling possible code-execution attacks. This can happen when the 'performdoa' dynamic object analysis option is enabled, which it previously had been by default. This update changes the default configuration ...

9.8CVSS9.5AI score0.03015EPSS
Exploits0References3
OSV
OSV
added 2015/01/09 12:0 a.m.6 views

UBUNTU-CVE-2014-9585

The vdsoaddr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD...

2.1CVSS6.7AI score0.00557EPSS
Exploits1References10
securityvulns
securityvulns
added 2010/02/04 12:0 a.m.42 views

Microsoft Internet Explorer information leak

It's possible to retrieve any file from client computer via URLMON and Dynamic OBJECT tag...

4.3CVSS2.9AI score0.3703EPSS
Exploits5References1Affected Software1
Packet Storm
Packet Storm
added 2010/02/04 12:0 a.m.81 views

Core Security Technologies Advisory 2009.0625

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities 1. Advisory Information Title: Internet Explorer Dynamic OBJECT tag and URLMON sniffing...

4.3CVSS0.5AI score0.3703EPSS
Exploits5
Rows per page
Query Builder