43 matches found
CVE-2025-31674
The CVE-2025-31674 entry concerns Drupal core vulnerability: Improperly Controlled Modification of Dynamically-Determined Object Attributes, enabling Object Injection. Affected Drupal core versions are 8.0.0–before 10.3.13, 10.4.0–before 10.4.3, 11.0.0–before 11.0.12, and 11.1.0–before 11.1.3. Th...
CVE-2023-43177
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...
CVE-2023-43177
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...
Design/Logic Flaw
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...
CVE-2023-43177
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...
CVE-2023-43177
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...
Ubuntu 18.04 LTS / 20.04 LTS : object-path vulnerabilities (USN-5967-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5967-1 advisory. It was discovered that the set method in object-path could be corrupted as a result of prototype pollution by sending a message to the parent...
Ghost Foundation node-sqlite3 code execution vulnerability
Talos Vulnerability Report TALOS-2022-1645 Ghost Foundation node-sqlite3 code execution vulnerability March 16, 2023 CVE Number CVE-2022-43441 SUMMARY A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascri...
CVE-2023-0574
Server-Side Request Forgery SSRF, Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communicati...
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF, Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communicati...
CVE-2023-0574 Server-Side Request Forgery
Server-Side Request Forgery SSRF, Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communicati...
CVE-2022-4068 Improperly Controlled Modification of Dynamically-Determined Object Attributes in librenms/librenms
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary...
Prototype Pollution in deep.assign
deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...
GHSA-3829-MGMW-JCG4 Prototype Pollution in deep.assign
deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...
CVE-2021-40663
deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...
SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2022:0715-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0715-1 advisory. - All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, a...
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2022:0704-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0704-1 advisory. - All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, a...
CVE-2021-3815
utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...
Code injection
utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...
json-schema is vulnerable to Prototype Pollution
json-schema before version 0.4.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...