Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the BaseHandler.set trap in lib/bridge.js. An...

CVE-2026-6366

CVE-2026-6366 — Drupal core insecure gadget chain leading to object injection Affects Drupal core: 8.0.0–10.5.8, 10.6.0–10.6.6, 11.0.0–11.2.10, 11.3.0–11.3.7. The issue is an improperly controlled modification of dynamically-determined object attributes that enables a gadget chain when deserializ...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over data across different workspaces by...

CVE-2025-14341

Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the doCertificateUpdate handler in certificates.go. An attacker can change the type of an existing certificate by sending a certificate update reques...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the doCertificateUpdate handler in certificates.go. An attacker can change the type of an existing certificate by sending a certificate update reques...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the Object.assign function. An attacker can manipulate internal entity fields such as id, createdDate, and chatId by...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the account registration endpoint. An attacker can manipulate server-managed fields and associate new accounts with existing...

CVE-2025-9315

An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON paylo...

VulnCheck KEV: CVE-2023-43177

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...

CVE-2023-43177

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...

CVE-2023-43177

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...

Design/Logic Flaw

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...

CVE-2023-0574 Server-Side Request Forgery

Server-Side Request Forgery SSRF, Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communicati...

Improperly Controlled Modification of Dynamically-Determined Object Attributes in utilitify

utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype...

Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handlertype, name, fn can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...

Exploit for Prototype Pollution in Apache Struts

What's this This is a Simple test Project for S2-059 which ca...

Exploit for Prototype Pollution in Apache Struts

It is an offensive tool for Apache Struts 2 exploitation. The re...

Exploit for Prototype Pollution in Apache Struts

CVE-2019-0230 CVE-2019-0230 Exploit This is CVE-2019-0...