21 matches found
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the BeanDeserializerBase.createContextual method, which applies the per-property exclusions through handleByNameInclusion and then rebuilds the property m...
Drupal core allows Object Injection
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through improper handling of the Object.assign process in the dataset service. An attacker can gain unauthorized access to...
ROS-20260513-73-0019
Vulnerability in lxd due to insufficient control over modification of dynamically defined object characteristics. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
EUVD-2025-209720
Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the objecttoexecution.go process. An attacker can execute unauthorized actions or inject malicious content by providing crafted AI-generated YAML that is...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview mathjs is a math library for JavaScript and Node.js. It features a flexible expression parser with support for symbolic computation, comes with a large set of built-in functions and constants, and offers an integrated solution to work with diff. Affected versions of this package are...
CVE-2026-5248
Summary : CVE-2026-5248 affects gougucms 4.08.18, specifically the function reg_submit in gougucms-master\app\home\controller\Login.php (User Registration Handler). The issue involves manipulation of the argument level that leads to dynamically-determined object attributes, enabling a potential r...
CVE-2026-5248
A vulnerability has been found in gougucms 4.08.18. This affects the function regsubmit of the file gougucms-master\app\home\controller\Login.php of the component User Registration Handler. Such manipulation of the argument level leads to dynamically-determined object attributes. The attack may b...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview deepdiff is a Deep Difference and Search of any Python object/data. Recreate objects by adding adding deltas to each other. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the RestrictedUnpickler...
Moxa MXsecurity Series 安全漏洞
Moxa MXsecurity Series is an industrial network security management software platform from Moxa Corporation of Taiwan, China. A security vulnerability exists in Moxa MXsecurity Series that stems from improperly controlled modification of dynamically determined object attributes, which could lead ...
SUSE CVE-2025-38696
In the Linux kernel, the following vulnerability has been resolved: MIPS: Don't crash in stacktop for tasks without ABI or vDSO Not all tasks have an ABI associated or vDSO mapped, for example kthreads never do. If such a task ever ends up calling stacktop, it will derefence the NULL ABI pointer...
The vulnerability of the Drupal CMS system’s kernel lies in the insufficient control over the modification of dynamically defined object properties, allowing attackers to execute arbitrary code.
The vulnerability of the Drupal CMS system’s kernel is related to insufficient control over the modification of dynamically defined object properties. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the chart.js component in the IBM Data Risk Manager application, which is designed for identifying, analyzing, and visualizing business risks. This vulnerability allows a malicious actor to execute arbitrary code.
The vulnerability of the chart.js component in the IBM Data Risk Manager application, which is used for identifying, analyzing, and visualizing business risks, stems from insufficient control over the modification of dynamically defined object properties. Exploiting this vulnerability could allow...
The vulnerability of the datatables.net package’s DataTables library allows a hacker to execute arbitrary code or cause a denial-of-service attack.
The vulnerability of the datatables.net package’s DataTables library is related to insufficient control over modifications to dynamically defined object properties. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service failures...
Duplicate Advisory: Possible remote code execution via a remote procedure call
Withdrawn: duplicate of GHSA-pj4g-4488-wmxm Original Description In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings...
MGASA-2015-0122 Updated python-rope packages fix security vulnerabilities
The python-rope utility has been caught passing remotely supplied data to pickle.load, enabling possible code-execution attacks. This can happen when the 'performdoa' dynamic object analysis option is enabled, which it previously had been by default. This update changes the default configuration ...
UBUNTU-CVE-2014-9585
The vdsoaddr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD...
Microsoft Internet Explorer information leak
It's possible to retrieve any file from client computer via URLMON and Dynamic OBJECT tag...
Core Security Technologies Advisory 2009.0625
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities 1. Advisory Information Title: Internet Explorer Dynamic OBJECT tag and URLMON sniffing...