Lucene search
+L

23 matches found

cvelist
cvelist
added 6 days ago32 views

CVE-2026-55804 Drupal core - Moderately critical - Gadget chain - SA-CORE-2026-006

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.,...

0.00215EPSS
Exploits0References1
cvelist
cvelist
added 6 days ago31 views

CVE-2026-15083 ECA: Event - Condition - Action - Less critical - Information disclosure - SA-CONTRIB-2026-074

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal ECA: Event - Condition - Action allows Object Injection. This issue affects ECA: Event - Condition - Action versions: from 0.0.0 to 2.1.20, from 3.0.0 to 3.0.12, from 3.1.0 to 3.1.4...

0.00175EPSS
Exploits0References1
cvelist
cvelist
added 6 days ago31 views

CVE-2026-55809 Flag attendance field - Critical - PHP object injection - SA-CONTRIB-2026-049

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2...

0.00307EPSS
Exploits0References1
cve
cve
added 6 days ago20 views

CVE-2026-55809

The CVE-2026-55809 issue affects the Drupal Flag attendance field module, with vulnerable versions 0.0.0 through 1.2. The root cause is improper control of modification of dynamically-determined object attributes, with data stored as PHP-serialized strings. If malicious data is written to the fie...

8.1CVSS6.1AI score0.00307EPSS
Exploits0References1Affected Software1
snyk
snyk
added 2026/05/29 5:49 p.m.12 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the BaseHandler.set trap in lib/bridge.js. An...

9.2CVSS6.3AI score0.00287EPSS
Exploits0References2
cve
cve
added 2026/05/19 10:27 p.m.1292 views

CVE-2026-6366

CVE-2026-6366 — Drupal core insecure gadget chain leading to object injection Affects Drupal core: 8.0.0–10.5.8, 10.6.0–10.6.6, 11.0.0–11.2.10, 11.3.0–11.3.7. The issue is an improperly controlled modification of dynamically-determined object attributes that enables a gadget chain when deserializ...

6.6CVSS5.8AI score0.00399EPSS
Exploits0References1Affected Software1
snyk
snyk
added 2026/05/14 4:19 p.m.10 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over data across different workspaces by...

7.6CVSS5.8AI score0.00342EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/07 1:13 p.m.5 views

CVE-2025-14341

Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...

8.3CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software1
snyk
snyk
added 2026/04/09 10:7 a.m.5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the doCertificateUpdate handler in certificates.go. An attacker can change the type of an existing certificate by sending a certificate update reques...

9.6CVSS5.4AI score0.00274EPSS
Exploits1References2
snyk
snyk
added 2026/04/09 10:7 a.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the doCertificateUpdate handler in certificates.go. An attacker can change the type of an existing certificate by sending a certificate update reques...

9.6CVSS5.4AI score0.00274EPSS
Exploits1References2
snyk
snyk
added 2026/03/06 10:19 p.m.7 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the Object.assign function. An attacker can manipulate internal entity fields such as id, createdDate, and chatId by...

9.2CVSS5.8AI score0.12902EPSS
Exploits1References2
snyk
snyk
added 2026/01/02 7:2 p.m.7 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the account registration endpoint. An attacker can manipulate server-managed fields and associate new accounts with existing...

9.8CVSS5.8AI score0.00334EPSS
Exploits1References2
nvd
nvd
added 2025/12/10 9:15 a.m.5 views

CVE-2025-9315

An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON paylo...

6.3CVSS0.00405EPSS
Exploits0References1
vulncheck_kev
vulncheck_kev
added 2024/03/21 12:0 a.m.7 views

VulnCheck KEV: CVE-2023-43177

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...

9.8CVSS7.4AI score0.81801EPSS
Exploits7References1
osv
osv
added 2023/11/18 12:15 a.m.3 views

CVE-2023-43177

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...

9.8CVSS5.8AI score0.81801EPSS
Exploits7References2
nvd
nvd
added 2023/11/18 12:15 a.m.35 views

CVE-2023-43177

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...

9.8CVSS0.81801EPSS
Exploits7References2
prion
prion
added 2023/11/18 12:15 a.m.29 views

Design/Logic Flaw

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...

7.5CVSS7.1AI score0.81801EPSS
Exploits7References2Affected Software1
cvelist
cvelist
added 2023/02/09 2:55 p.m.34 views

CVE-2023-0574 Server-Side Request Forgery

Server-Side Request Forgery SSRF, Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communicati...

6.8CVSS9.8AI score0.00637EPSS
Exploits0References1
github
github
added 2021/05/07 4:28 p.m.68 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes in utilitify

utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype...

8.8CVSS3.9AI score0.02044EPSS
Exploits1References4Affected Software1
github
github
added 2021/05/07 4:16 p.m.251 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handlertype, name, fn can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...

5.3CVSS5.9AI score0.01127EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder