58 matches found
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through improper handling of the Object.assign process in the dataset service. An attacker can gain unauthorized access to...
EUVD-2025-209720
Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...
CVE-2025-14341
Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...
Astra Linux - уязвимость в samba
A vulnerability was discovered in Samba. A delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object’s creation. This issue arises because the administrator...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the objecttoexecution.go process. An attacker can execute unauthorized actions or inject malicious content by providing crafted AI-generated YAML that is...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview mathjs is a math library for JavaScript and Node.js. It features a flexible expression parser with support for symbolic computation, comes with a large set of built-in functions and constants, and offers an integrated solution to work with diff. Affected versions of this package are...
CVE-2026-5248
Summary : CVE-2026-5248 affects gougucms 4.08.18, specifically the function reg_submit in gougucms-master\app\home\controller\Login.php (User Registration Handler). The issue involves manipulation of the argument level that leads to dynamically-determined object attributes, enabling a potential r...
CVE-2026-5248
A vulnerability has been found in gougucms 4.08.18. This affects the function regsubmit of the file gougucms-master\app\home\controller\Login.php of the component User Registration Handler. Such manipulation of the argument level leads to dynamically-determined object attributes. The attack may b...
PT-2026-29433
A vulnerability has been found in gougucms 4.08.18. This affects the function reg submit of the file gougucms-masterapphomecontrollerLogin.php of the component User Registration Handler. Such manipulation of the argument level leads to dynamically-determined object attributes. The attack may be...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview deepdiff is a Deep Difference and Search of any Python object/data. Recreate objects by adding adding deltas to each other. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the RestrictedUnpickler...
CVE-2026-32640
SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...
CVE-2026-32640
SimpleEval (Python) prior to v1.0.5 is vulnerable: objects passed as names can leak dangerous modules into the sandbox via attrs, and dangerous functions/modules could be accessed by passing them as callbacks to safe functions. The issue is fixed in v1.0.5. Root cause: improper handling of object...
CVE-2026-32640 (SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox.
SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview simpleeval is an A simple, safe single expression evaluator library. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the evaluation when objects passed as names contain modules or other disallowed objec...
PT-2026-25385
Name of the Vulnerable Software and Affected Versions SimpleEval versions prior to 1.0.5 Description SimpleEval is a Python library used for adding evaluatable expressions to projects. Before version 1.0.5, the library allowed dangerous modules to be accessed directly within the sandbox. This...
Moxa MXsecurity Series 安全漏洞
Moxa MXsecurity Series is an industrial network security management software platform from Moxa Corporation of Taiwan, China. A security vulnerability exists in Moxa MXsecurity Series that stems from improperly controlled modification of dynamically determined object attributes, which could lead ...
PT-2025-47345
Name of the Vulnerable Software and Affected Versions Drupal versions 8.0.0 through 10.4.9 Drupal versions 10.5.0 through 10.5.6 Drupal versions 11.0.0 through 11.1.9 Drupal versions 11.2.0 through 11.2.7 Description Drupal core contains an improperly controlled modification of...
EUVD-2025-9049
Malicious code in bioql PyPI...
EUVD-2022-4668
Malicious code in bioql PyPI...
LDAP Update Object
This module allows creating, reading, updating and deleting attributes of LDAP objects. Users can specify the object and must specify a corresponding attribute. Module Options msf use auxiliary/admin/ldap/ldapobjectattribute msf auxiliaryldapobjectattribute show actions ...actions... msf...