45 matches found
DivvyDrive Security Vulnerability
DivvyDrive is a file storage and sharing management platform developed by DivvyDrive Inc. in Turkey. Versions of DivvyDrive prior to 4.8.3.2 contained security vulnerabilities. These vulnerabilities stemmed from improper control over modifications to object properties and unlimited resource...
PT-2026-33218
Summary: A Mass Assignment / Broken Object Property Level Authorization (BOPA) vulnerability in the User Preferences API allows any authenticated user (even those with the lowest privileges) to arbitrarily modify restricted financial attributes on their profile, specifically their hourly rate and...
gougucms Security Vulnerability
Gougucms is an open-source backend management framework developed by Gougu in China, based on ThinkPHP6, Layui, and MySql. Version 4.08.18 of Gougucms contains a security vulnerability. This vulnerability stems from incorrect handling of the parameter “level” in the file...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
thunderbird security update
An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Thunderbird is a standalone mail and newsgroup client. Security...
ALSA-2025:18320 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: firefox: Memory safety bugs (CVE-2025-11714); thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures (CVE-2025-11709); thunderbird: firefox: Cross-process information...
ALSA-2025:18285 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: thunderbird: firefox: Memory safety bugs (CVE-2025-11714); thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures (CVE-2025-11709)...
EUVD-2018-0215
Malware in sbrugna...
EUVD-2024-39876
Malicious code in bioql PyPI...
EUVD-2024-2781
Malicious code in bioql PyPI...
EUVD-2024-36340
Malicious code in bioql PyPI...
Prototype Pollution
radashi is vulnerable to prototype pollution. The vulnerability is due to insufficient sanitization of the path argument in the set function, allowing injection of special object properties like __proto__, prototype, or constructor...
Prototype Pollution
@ndhoule/defaults is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of object properties in the lib.deep function, allowing attackers to supply a crafted payload, leading to a Denial of Service (DoS)...
CVE-2024-21529
A flaw was found in the dset package. Affected versions of this package are vulnerable to Prototype Pollution via the dset function due to improper user input sanitization. This vulnerability allows the attacker to inject a malicious object property using the built-in Object property __proto__, which...
CVE-2024-21529
Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due to improper user input sanitization. This vulnerability allows the attacker to inject a malicious object property using the built-in Object property __proto__, which is recursively assigned to all the...
CVE-2024-21529
CVE-2024-21529 affects the dset npm package in versions before 3.1.4, where insufficient input sanitization allows prototype pollution via dset, injecting __proto__ properties across objects. Impact is information leak or corruption through object prototype pollution; details describe the exact vulnerability vect...
MAL-2024-6930 Malicious code in generate-object-property (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in generate-object-property (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
2023 OWASP Top-10 Series: API3:2023 Broken Object Property Level Authorization
Welcome to the 4th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API3:2023 Broken Object Property Level Authorization. In this series we are taking an in-depth look at each category – the detail...