Lucene search
K

65 matches found

EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43051

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Formatter Field allows Object Injection. This issue affects Formatter Field versions: from 0.0.0 to 2.0.0...

6.1AI score0.00173EPSS
Exploits0References2
NVD
NVD
added 4 days ago8 views

CVE-2026-55810

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2...

8.1CVSS0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-55810 Plotly.js Graphing - Critical - PHP object injection - SA-CONTRIB-2026-050

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2...

0.00161EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/23 9:23 p.m.5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the BeanDeserializerBase.createContextual method, which applies the per-property exclusions through handleByNameInclusion and then rebuilds the property m...

6.9CVSS5.8AI score0.00345EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-49007

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An authorization flaw exists in the object add/edit handling. An authenticated user with object editing permissions can assign a MISP object, or attributes within an object, to a sharing group...

5.3CVSS5.3AI score0.0022EPSS
Exploits0References3
OSV
OSV
added 2026/06/05 8:29 p.m.12 views

GHSA-VG35-5WQ7-3X7W TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection

Impact Stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce- attributes, which are executed when content is rendered. Impacts users of TinyMCE with the media plugin enabled. Patches This vulnerability has been patched in TinyMCE 8.5.1, TinyMCE...

8.7CVSS5.3AI score0.00264EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Samba

A vulnerability was discovered in Samba. A delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object’s creation. This issue arises because the administrator...

7.5CVSS6.7AI score0.00484EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/20 12:31 a.m.10 views

Drupal core allows Object Injection

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

6.6CVSS5.4AI score0.00399EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/14 4:19 p.m.22 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through improper handling of the Object.assign process in the dataset service. An attacker can gain unauthorized access to...

7.7CVSS5.8AI score0.00335EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 3:38 p.m.9 views

EUVD-2025-209720

Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...

8.3CVSS5.8AI score0.00221EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 1:13 p.m.5 views

CVE-2025-14341

Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...

8.3CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/04/24 4:37 p.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the objecttoexecution.go process. An attacker can execute unauthorized actions or inject malicious content by providing crafted AI-generated YAML that is...

8.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/04/10 10:10 p.m.6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview mathjs is a math library for JavaScript and Node.js. It features a flexible expression parser with support for symbolic computation, comes with a large set of built-in functions and constants, and offers an integrated solution to work with diff. Affected versions of this package are...

8.8CVSS6AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/01 12:45 a.m.3 views

CVE-2026-5248

A vulnerability has been found in gougucms 4.08.18. This affects the function regsubmit of the file gougucms-master\app\home\controller\Login.php of the component User Registration Handler. Such manipulation of the argument level leads to dynamically-determined object attributes. The attack may b...

6.5CVSS6.1AI score0.00237EPSS
Exploits0References4
CVE
CVE
added 2026/04/01 12:45 a.m.29 views

CVE-2026-5248

Summary : CVE-2026-5248 affects gougucms 4.08.18, specifically the function reg_submit in gougucms-master\app\home\controller\Login.php (User Registration Handler). The issue involves manipulation of the argument level that leads to dynamically-determined object attributes, enabling a potential r...

6.5CVSS6.1AI score0.00237EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.14 views

PT-2026-29433

A vulnerability has been found in gougucms 4.08.18. This affects the function reg submit of the file gougucms-masterapphomecontrollerLogin.php of the component User Registration Handler. Such manipulation of the argument level leads to dynamically-determined object attributes. The attack may be...

6.5CVSS6.1AI score0.00237EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/18 8:10 p.m.3 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview deepdiff is a Deep Difference and Search of any Python object/data. Recreate objects by adding adding deltas to each other. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the RestrictedUnpickler...

8.7CVSS5.8AI score0.00452EPSS
Exploits1References2
NVD
NVD
added 2026/03/16 2:19 p.m.4 views

CVE-2026-32640

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

9.8CVSS0.00524EPSS
Exploits0References7
CVE
CVE
added 2026/03/13 9:3 p.m.46 views

CVE-2026-32640

CVE-2026-32640 affects the Python library SimpleEval, prior to version 1.0.5. According to the connected advisories, SimpleEval did not fully restrict module references and callback handling inside its sandbox, enabling sandbox bypass and potentially arbitrary code execution. The issue is fixed i...

9.8CVSS5.8AI score0.00524EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/03/13 9:3 p.m.33 views

CVE-2026-32640 (SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox.

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

8.7CVSS0.00524EPSS
Exploits0References1
Rows per page
Query Builder