PT-2026-49007

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An authorization flaw exists in the object add/edit handling. An authenticated user with object editing permissions can assign a MISP object, or attributes within an object, to a sharing group...

GHSA-VG35-5WQ7-3X7W TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection

Impact Stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce- attributes, which are executed when content is rendered. Impacts users of TinyMCE with the media plugin enabled. Patches This vulnerability has been patched in TinyMCE 8.5.1, TinyMCE...

Astra Linux - уязвимость в samba

A vulnerability was discovered in Samba. A delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object’s creation. This issue arises because the administrator...

Drupal core allows Object Injection

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through improper handling of the Object.assign process in the dataset service. An attacker can gain unauthorized access to...

EUVD-2025-209720

Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...

CVE-2025-14341

Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the objecttoexecution.go process. An attacker can execute unauthorized actions or inject malicious content by providing crafted AI-generated YAML that is...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview mathjs is a math library for JavaScript and Node.js. It features a flexible expression parser with support for symbolic computation, comes with a large set of built-in functions and constants, and offers an integrated solution to work with diff. Affected versions of this package are...

CVE-2026-5248

A vulnerability has been found in gougucms 4.08.18. This affects the function regsubmit of the file gougucms-master\app\home\controller\Login.php of the component User Registration Handler. Such manipulation of the argument level leads to dynamically-determined object attributes. The attack may b...

CVE-2026-5248

Summary : CVE-2026-5248 affects gougucms 4.08.18, specifically the function reg_submit in gougucms-master\app\home\controller\Login.php (User Registration Handler). The issue involves manipulation of the argument level that leads to dynamically-determined object attributes, enabling a potential r...

PT-2026-29433

A vulnerability has been found in gougucms 4.08.18. This affects the function reg submit of the file gougucms-masterapphomecontrollerLogin.php of the component User Registration Handler. Such manipulation of the argument level leads to dynamically-determined object attributes. The attack may be...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview deepdiff is a Deep Difference and Search of any Python object/data. Recreate objects by adding adding deltas to each other. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the RestrictedUnpickler...

CVE-2026-32640

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

CVE-2026-32640 (SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox.

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

CVE-2026-32640

CVE-2026-32640 affects the Python library SimpleEval, prior to version 1.0.5. According to the connected advisories, SimpleEval did not fully restrict module references and callback handling inside its sandbox, enabling sandbox bypass and potentially arbitrary code execution. The issue is fixed i...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview simpleeval is an A simple, safe single expression evaluator library. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the evaluation when objects passed as names contain modules or other disallowed objec...

PT-2026-25385

Name of the Vulnerable Software and Affected Versions SimpleEval versions prior to 1.0.5 Description SimpleEval is a Python library used for adding evaluatable expressions to projects. Before version 1.0.5, the library allowed dangerous modules to be accessed directly within the sandbox. This...

Moxa MXsecurity Series 安全漏洞

Moxa MXsecurity Series is an industrial network security management software platform from Moxa Corporation of Taiwan, China. A security vulnerability exists in Moxa MXsecurity Series that stems from improperly controlled modification of dynamically determined object attributes, which could lead ...

PT-2025-47345

Name of the Vulnerable Software and Affected Versions Drupal versions 8.0.0 through 10.4.9 Drupal versions 10.5.0 through 10.5.6 Drupal versions 11.0.0 through 11.1.9 Drupal versions 11.2.0 through 11.2.7 Description Drupal core contains an improperly controlled modification of...