Lucene search
K

575 matches found

Vulnrichment
Vulnrichment
added 2025/05/30 4:32 a.m.9 views

CVE-2025-48478 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation has resulted in a mass assignment vulnerability, allowing an attacker to manipulate all fields of the object, which are enumerated in the $fillable array the...

7CVSS6.8AI score0.00393EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/05/30 4:30 a.m.16 views

CVE-2025-48476 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result...

7.1CVSS6.7AI score0.00448EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/30 4:30 a.m.14 views

CVE-2025-48476 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result...

7.1CVSS0.00448EPSS
Exploits1References1
OSV
OSV
added 2025/05/30 4:30 a.m.5 views

CVE-2025-48476 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result...

7.1CVSS6.6AI score0.00448EPSS
Exploits1References3
CVE
CVE
added 2025/05/30 4:30 a.m.52 views

CVE-2025-48476

CVE-2025-48476 affects FreeScout (Laravel-based open source help desk). Root cause: when adding/editing user records via the fill() method, missing validation for the absence of the password field allows mass-assignment, enabling a user with edit rights to change another user’s password and then ...

8.8CVSS6.8AI score0.00448EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:27 a.m.11 views

CVE-2024-40531

A mass assignment vulnerability exists in Pantera CRM versions 401.152 and 402.072. This flaw allows authenticated users to modify any user attribute, including roles, by injecting additional parameters via profile management functions...

8.8CVSS6.5AI score0.00372EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:17 p.m.7 views

CVE-2020-24940

An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment...

7.5CVSS6.7AI score0.01203EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 12:9 p.m.8 views

CVE-2012-2054

Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the 1 Comment, 2 Document, 3 IssueCategory, 4 MembersController, 5 Message, 6 News, 7 TimeEntry, 8 Version, 9 Wiki, 10 UserPreference, o...

5CVSS6.8AI score0.0209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:3 a.m.5 views

CVE-2019-17605

A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account by also exploiting CVE-2019-17604 via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is chang...

8.8CVSS6.9AI score0.01083EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:10 p.m.7 views

CVE-2008-7310

Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerability...

5CVSS6.9AI score0.01244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:10 p.m.9 views

CVE-2008-7309

Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost userid value via a modified URL, related to a "mass assignment" vulnerability...

5CVSS7AI score0.01065EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/14 2:48 p.m.14 views

CVE-2025-24021 iTop doesn't have mass assignment of fields in the portal form

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue...

5CVSS6.9AI score0.00224EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/14 2:48 p.m.19 views

CVE-2025-24021 iTop doesn't have mass assignment of fields in the portal form

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue...

5CVSS0.00224EPSS
Exploits0References2
CVE
CVE
added 2025/05/14 2:48 p.m.59 views

CVE-2025-24021

CVE-2025-24021 affects iTop (web-based IT Service Management). Prior to fixes, any account with portal access could set values on object fields that should not be modifiable. Affected versions: 2.7.11 or earlier? The initial docs list vulnerable versions as 2.7.12, 3.1.3, and 3.2.1 that contain f...

5CVSS5.2AI score0.00224EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.4 views

PT-2025-23242 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180 Description: FreeScout is a free self-hosted help desk and shared mailbox. The issue arises from the lack of verification for the absence of the password field in user data when adding and editing user...

8.8CVSS6.6AI score0.00448EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.11 views

PT-2025-23248 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180 Description: The issue is related to a mass assignment vulnerability in the Customer object, which is updated using the fill method. This method processes fields such as channel and channel id, but it is...

5.3CVSS6.3AI score0.00287EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.9 views

PT-2025-23244 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180 Description: The issue is related to insufficient input validation during user creation, resulting in a mass assignment vulnerability. This vulnerability allows an attacker to manipulate all fields of the...

7.5CVSS6.2AI score0.00393EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/03/22 1:5 p.m.6 views

CVE-2024-10359

In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. This allows an attacker to inject a different user ID into the preset object, causing the preset to appear in the UI of...

4.6CVSS6.8AI score0.00348EPSS
Exploits1References1
Veracode
Veracode
added 2025/03/21 2:31 a.m.15 views

Privilege Escalation

camaleoncms is vulnerable to Privilege Escalation. The vulnerability is due to the use of the dangerous permit! method through mass assignment, which allows all parameters to pass through without filtering...

9.4CVSS6.7AI score0.00566EPSS
Exploits17References7Affected Software1
NVD
NVD
added 2025/03/20 10:15 a.m.5 views

CVE-2024-10359

In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. This allows an attacker to inject a different user ID into the preset object, causing the preset to appear in the UI of...

4.6CVSS0.00348EPSS
Exploits1References2
Rows per page
Query Builder