Lucene search
K

76 matches found

Vulnrichment
Vulnrichment
added 2026/06/12 7:59 p.m.8 views

CVE-2026-54361 MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records

MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers and ownership-relat...

8.8CVSS5.1AI score0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 3:25 p.m.8 views

EUVD-2026-35104

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

7.6CVSS5.5AI score0.00195EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/13 9:32 p.m.9 views

EUVD-2026-30174

Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...

8.8CVSS5.9AI score0.00367EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/27 2:24 p.m.28 views

CVE-2021-27582

org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment aka Autobinding vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in...

9.1CVSS6.8AI score0.02222EPSS
Exploits1References1
OSV
OSV
added 2026/03/06 6:31 p.m.3 views

GHSA-5448-V74M-7MV7 Snipe-IT has sensitive user attributes related to account privileges that are insufficiently protected against mass assignment

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.8CVSS5.8AI score0.0046EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2026/02/06 9:30 p.m.195 views

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

ButtF - Backend Misconfiguration & Logic Flaw Exploitation Too...

10CVSS5.7AI score0.99999EPSS
Exploits439
Vulnrichment
Vulnrichment
added 2026/01/23 11:59 p.m.5 views

CVE-2026-24140 MyTube has Mass Assignment via Settings Management

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...

2.7CVSS5.9AI score0.00284EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:57 a.m.11 views

CVE-2018-4073

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The the binary the endpoint /cgi-bin/EmbededAceTLSetTask.cgi is a very similar endpoint that is designed for use with setting table values th...

8.8CVSS6.8AI score0.25393EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:34 a.m.6 views

CVE-2024-41139

Incorrect privilege assignment vulnerability exists in SKYSEA Client View Ver.6.010.06 to Ver.19.210.04e. If a user who can log in to the PC where the product's Windows client is installed places a specially crafted DLL file in a specific folder, arbitrary code may be executed with SYSTEM privile...

7.8CVSS7.4AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:47 a.m.10 views

CVE-2025-23970

Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking sf-booking allows Privilege Escalation.This issue affects Service Finder Booking: from n/a through = 6.1...

9.8CVSS5.9AI score0.0069EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.3 views

UliCMS 安全漏洞

UliCMS is a content management system CMS open source by UliCMS. The system supports features such as access control and WYSIWYG editing. A security vulnerability exists in UliCMS version 2023.1, which stems from an improper bulk assignment in UserController that could lead to authentication bypa...

9.8CVSS6.8AI score0.00598EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-1016

Malware in sbrugna...

9.1CVSS9AI score0.02222EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-3554

Malware in sbrugna...

7.1CVSS5.7AI score0.00674EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-4232

Malware in sbrugna...

6.5CVSS6.4AI score0.01272EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-7931

Malware in sbrugna...

8.8CVSS8.6AI score0.01083EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2008-7262

Malware in sbrugna...

5CVSS6.4AI score0.01065EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-6541

Malicious code in bioql PyPI...

7.8CVSS6.6AI score0.00163EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-15775

Malicious code in bioql PyPI...

8.8CVSS9AI score0.00294EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3530

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01203EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-16450

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.00287EPSS
Exploits1References1
Rows per page
Query Builder