Lucene search
K

34 matches found

EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43081

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.,...

6.1AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-43051

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Formatter Field allows Object Injection. This issue affects Formatter Field versions: from 0.0.0 to 2.0.0...

6.1AI score0.00386EPSS
Exploits0References2
NVD
NVD
added 5 days ago8 views

CVE-2026-55810

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2...

8.1CVSS0.00243EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-55804 Drupal core - Moderately critical - Gadget chain - SA-CORE-2026-006

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.,...

0.00215EPSS
Exploits0References1
OSV
OSV
added 5 days ago3 views

CVE-2026-55803 Drupal core - Critical - PHP object injection - SA-CORE-2026-005

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.,...

5.9CVSS6.1AI score0.00215EPSS
Exploits0References5
CVE
CVE
added 5 days ago19 views

CVE-2026-55809

The CVE-2026-55809 issue affects the Drupal Flag attendance field module, with vulnerable versions 0.0.0 through 1.2. The root cause is improper control of modification of dynamically-determined object attributes, with data stored as PHP-serialized strings. If malicious data is written to the fie...

8.1CVSS6.1AI score0.003EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/06/22 11:20 p.m.9 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the externalTrigger process. An attacker can gain unauthorized access to another workspace's database and execu...

9.6CVSS6AI score0.00461EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/19 7:35 p.m.6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

9.4CVSS6.2AI score0.00203EPSS
Exploits0References2
OSV
OSV
added 2026/05/21 8:39 a.m.11 views

BIT-DRUPAL-2026-6366 Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

6.6CVSS5.8AI score0.00399EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/20 4:5 p.m.18 views

CVE-2026-6366

A flaw was found in Drupal core. This vulnerability, categorized as an Improperly Controlled Modification of Dynamically-Determined Object Attributes, allows for object injection. An attacker could exploit this to potentially manipulate application logic or achieve other impacts depending on the...

6.6CVSS5.8AI score0.00399EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 12:31 a.m.20 views

EUVD-2026-30999

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

5.8AI score0.00399EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/20 12:31 a.m.10 views

Drupal core allows Object Injection

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

6.6CVSS5.4AI score0.00399EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/14 4:19 p.m.10 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over data across different workspaces by...

7.6CVSS5.8AI score0.00342EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/14 4:19 p.m.22 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through improper handling of the Object.assign process in the dataset service. An attacker can gain unauthorized access to...

7.7CVSS5.8AI score0.00335EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/14 4:19 p.m.14 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over resources belonging to other...

7.7CVSS5.8AI score0.00335EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/14 2:52 p.m.16 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the /api/v1/variables endpoint. A user can modify internal attributes such as workspaceId, createdDate, and updatedDate by...

7.6CVSS5.8AI score0.00254EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/27 12:14 p.m.5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes throug the CamelCoapResource.handleRequest function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI quer...

10CVSS6.6AI score0.06157EPSS
Exploits2References2
Snyk
Snyk
added 2026/04/24 4:37 p.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the objecttoexecution.go process. An attacker can execute unauthorized actions or inject malicious content by providing crafted AI-generated YAML that is...

8.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/04/10 10:10 p.m.6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview mathjs is a math library for JavaScript and Node.js. It features a flexible expression parser with support for symbolic computation, comes with a large set of built-in functions and constants, and offers an integrated solution to work with diff. Affected versions of this package are...

8.8CVSS6AI score
Exploits0References3
Snyk
Snyk
added 2026/04/01 5:30 p.m.5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview onnx is an Open Neural Network Exchange Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the ExternalDataInfo function. An attacker can cause system unavailability, limited information disclosure, or dat...

8.6CVSS5.9AI score0.00288EPSS
Exploits0References2
Rows per page
Query Builder