CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

34 matches found

Vulnrichment•added 2026/06/12 7:59 p.m.•7 views

CVE-2026-54361 MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records

MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers and ownership-relat...

8.8CVSS5.1AI score0.00262EPSS

Exploits0References1

EUVD•added 2026/06/08 3:25 p.m.•7 views

EUVD-2026-35104

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

7.6CVSS5.5AI score0.00172EPSS

Exploits1References2

EUVD•added 2026/05/13 9:32 p.m.•7 views

EUVD-2026-30174

Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...

8.8CVSS5.9AI score0.00367EPSS

Exploits0References4

RedhatCVE•added 2026/03/27 2:24 p.m.•27 views

CVE-2021-27582

org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment aka Autobinding vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in...

9.1CVSS6.8AI score0.02222EPSS

Exploits1References1

OSV•added 2026/03/06 6:31 p.m.•3 views

GHSA-5448-V74M-7MV7 Snipe-IT has sensitive user attributes related to account privileges that are insufficiently protected against mass assignment

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.8CVSS5.8AI score0.0046EPSS

Exploits1References5

GithubExploit•added 2026/02/06 9:30 p.m.•187 views

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

ButtF - Backend Misconfiguration & Logic Flaw Exploitation Too...

10CVSS5.7AI score0.99999EPSS

Exploits437

Vulnrichment•added 2026/01/23 11:59 p.m.•5 views

CVE-2026-24140 MyTube has Mass Assignment via Settings Management

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...

2.7CVSS5.9AI score0.00284EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2008-7262

Malware in sbrugna...

5CVSS6.4AI score0.01065EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-7931

Malware in sbrugna...

8.8CVSS8.6AI score0.01083EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2021-1016

Malware in sbrugna...

9.1CVSS9AI score0.02222EPSS

Exploits1References6

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2025-31595