34 matches found
EUVD-2026-43081
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.,...
EUVD-2026-43051
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Formatter Field allows Object Injection. This issue affects Formatter Field versions: from 0.0.0 to 2.0.0...
CVE-2026-55810
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2...
CVE-2026-55804 Drupal core - Moderately critical - Gadget chain - SA-CORE-2026-006
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.,...
CVE-2026-55803 Drupal core - Critical - PHP object injection - SA-CORE-2026-005
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.,...
CVE-2026-55809
The CVE-2026-55809 issue affects the Drupal Flag attendance field module, with vulnerable versions 0.0.0 through 1.2. The root cause is improper control of modification of dynamically-determined object attributes, with data stored as PHP-serialized strings. If malicious data is written to the fie...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the externalTrigger process. An attacker can gain unauthorized access to another workspace's database and execu...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...
BIT-DRUPAL-2026-6366 Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...
CVE-2026-6366
A flaw was found in Drupal core. This vulnerability, categorized as an Improperly Controlled Modification of Dynamically-Determined Object Attributes, allows for object injection. An attacker could exploit this to potentially manipulate application logic or achieve other impacts depending on the...
Drupal core allows Object Injection
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...
EUVD-2026-30999
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over data across different workspaces by...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through improper handling of the Object.assign process in the dataset service. An attacker can gain unauthorized access to...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over resources belonging to other...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the /api/v1/variables endpoint. A user can modify internal attributes such as workspaceId, createdDate, and updatedDate by...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes throug the CamelCoapResource.handleRequest function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI quer...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the objecttoexecution.go process. An attacker can execute unauthorized actions or inject malicious content by providing crafted AI-generated YAML that is...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview mathjs is a math library for JavaScript and Node.js. It features a flexible expression parser with support for symbolic computation, comes with a large set of built-in functions and constants, and offers an integrated solution to work with diff. Affected versions of this package are...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview onnx is an Open Neural Network Exchange Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the ExternalDataInfo function. An attacker can cause system unavailability, limited information disclosure, or dat...