Lucene search
K

575 matches found

Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48973

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description Multiple mass assignment issues exist in the handling of collections, tag collections, event delegations, and shadow attributes. Certain controller actions accept user-supplied fields that shoul...

8.8CVSS5.3AI score0.00262EPSS
Exploits0References4
NVD
NVD
added 2026/06/11 10:16 a.m.13 views

CVE-2026-53911

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...

6.3CVSS0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 9:41 a.m.33 views

CVE-2026-53911 Cerebrate primary key mass assignment in CRUD edit operations allows authenticated users to overwrite unrelated records

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...

6.3CVSS0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 9:41 a.m.8 views

CVE-2026-53911 Cerebrate primary key mass assignment in CRUD edit operations allows authenticated users to overwrite unrelated records

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...

6.3CVSS5.5AI score0.00207EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 9:41 a.m.27 views

CVE-2026-53911

CVE-2026-53911 affects Cerebrate up to version 1.36, where the id primary key could be supplied via request input during CRUD edits and patching flows for several entity types (User, Role, UserSetting, LocalTool, PermissionLimitation, EnumerationCollection). An authenticated attacker could includ...

6.3CVSS5.5AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 9:41 a.m.10 views

EUVD-2026-36218

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...

6.3CVSS5.5AI score0.00207EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 9:16 a.m.15 views

CVE-2026-53901

Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add handler attempted to remove an attacker-supplied id from $params before normalizing the request through massageInput. Because the normalized $input could still contain an id field, a user...

8.7CVSS0.00312EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 7:31 a.m.10 views

EUVD-2026-36216

Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add handler attempted to remove an attacker-supplied id from $params before normalizing the request through massageInput. Because the normalized $input could still contain an id field, a user...

8.7CVSS5.5AI score0.00312EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 7:31 a.m.34 views

CVE-2026-53901 Cerebrate before v1.37 allows mass assignment of record identifiers during object creation

Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add handler attempted to remove an attacker-supplied id from $params before normalizing the request through massageInput. Because the normalized $input could still contain an id field, a user...

8.7CVSS0.00312EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 7:31 a.m.30 views

CVE-2026-53901

CVE-2026-53901 affects Cerebrate, before v1.37, where the generic CRUD add path allowed mass assignment of attacker-controlled identifiers. The add() handler attempted to strip an id from $params prior to __massageInput() normalization, but a supplied id could still be present in the normalized i...

8.7CVSS5.5AI score0.00312EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.20 views

PT-2026-48637

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...

6.3CVSS5.5AI score0.00207EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.23 views

PT-2026-48632

Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add handler attempted to remove an attacker-supplied id from $params before normalizing the request through massageInput. Because the normalized $input could still contain an id field, a user...

8.7CVSS5.5AI score0.00312EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.16 views

CVE-2026-46477

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.12 views

CVE-2026-42862

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

7.6CVSS5.5AI score0.00195EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.16 views

CVE-2026-46480

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.10 views

CVE-2026-42863

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic,...

8.1CVSS5.3AI score0.00268EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.14 views

CVE-2026-46478

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.16 views

CVE-2026-46479

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.14 views

CVE-2026-46475

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.15 views

CVE-2026-46476

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References1
Rows per page
Query Builder