CVE-2026-8752 h2oai h2o-3 Rapids setproperty Primitive AstSetProperty.java exec access control

A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to improper access...

CVE-2026-8752

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-8752.

PT-2026-41542

Name of the Vulnerable Software and Affected Versions h2oai h2o-3 versions prior to 7402 Description A weakness in the Rapids setproperty Primitive Handler allows remote attackers to bypass access controls. The issue resides in the exec function within the file...

GHSA-FFV6-JJ46-X367 django-unicorn affected by component state manipulation via unvalidated attribute access

Summary Component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modify internal attributes such as templatename or trigger protected methods. Vulnerability...

CVE-2025-12738

Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. The vulnerability allows attacker without read access to a property to infer information about its value by trying t...

CVE-2025-12738

Neo4j Enterprise editions before 2025.11.2 and 5.26.17 are vulnerable to information disclosure. An attacker with some legitimate access can infer the value of a property by enumerating possible values and observing error messages from SET property, without requiring read access. Upstream fixes a...

CVE-2025-12738 Enumeration of restricted property value

Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. The vulnerability allows attacker without read access to a property to infer information about its value by trying t...

EUVD-2025-12429

Malicious code in bioql PyPI...

CVE-2025-3982

A vulnerability, which was classified as problematic, was found in nortikin Sverchok 1.3.0. Affected is the function SvSetPropNodeMK2 of the file sverchok/nodes/objectnodes/getsetpropmk2.py of the component Set Property Mk2 Node. The manipulation leads to improperly controlled modification of...

CVE-2025-3982 nortikin Sverchok Set Property Mk2 Node getsetprop_mk2.py SvSetPropNodeMK2 prototype pollution

A vulnerability, which was classified as problematic, was found in nortikin Sverchok 1.3.0. Affected is the function SvSetPropNodeMK2 of the file sverchok/nodes/objectnodes/getsetpropmk2.py of the component Set Property Mk2 Node. The manipulation leads to improperly controlled modification of...

CVE-2025-3982

CVE-2025-3982 affects nortikin Sverchok 1.3.0. The vulnerability lies in SvSetPropNodeMK2 (file sverchok/nodes/object_nodes/getsetprop_mk2.py, Set Property Mk2 Node), enabling prototype pollution with remote exploit potential. Public exploit disclosed; vendor contacted but no response. Connected ...

The vulnerability of the DRM/VRR component in Linux kernel allows a hacker to trigger a service failure.

The vulnerability of the drm/vrr component in the Linux operating system’s kernel relates to an attempt by the driver to call the drm core set prop function without proper authorization. Exploiting this vulnerability could allow a malicious actor to cause a service failure...

SUSE CVE-2023-36665

"protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...

GHSA-H755-8QP9-CQ85 protobufjs Prototype Pollution vulnerability

protobuf.js aka protobufjs 6.10.0 until 6.11.4 and 7.0.0 until 7.2.4 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and...