32 matches found
EUVD-2026-30174
Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...
CVE-2021-27582
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment aka Autobinding vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in...
GHSA-5448-V74M-7MV7 Snipe-IT has sensitive user attributes related to account privileges that are insufficiently protected against mass assignment
Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...
Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
ButtF - Backend Misconfiguration & Logic Flaw Exploitation Too...
CVE-2026-24140 MyTube has Mass Assignment via Settings Management
MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...
EUVD-2019-7931
Malware in sbrugna...
EUVD-2008-7262
Malware in sbrugna...
EUVD-2021-1016
Malware in sbrugna...
EUVD-2022-3007
Malicious code in bioql PyPI...
EUVD-2022-3530
Malicious code in bioql PyPI...
EUVD-2024-16200
Malicious code in bioql PyPI...
EUVD-2025-16450
Malicious code in bioql PyPI...
EUVD-2025-31595
Malicious code in bioql PyPI...
CVE-2025-52656 HCL MyXalytics product is affected by Mass Assignment vulnerability
HCL MyXalytics: 6.6. is affected by Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields...
CVE-2025-48482 FreeScout Has Business Logic Errors
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill method, which processes fields such as channel and channelid. However, the fill method is called with all client-provided...
CVE-2025-48476 FreeScout Has Business Logic Errors
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result...
CVE-2025-48476 FreeScout Has Business Logic Errors
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result...
CVE-2025-48476 FreeScout Has Business Logic Errors
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result...
CVE-2024-40531
A mass assignment vulnerability exists in Pantera CRM versions 401.152 and 402.072. This flaw allows authenticated users to modify any user attribute, including roles, by injecting additional parameters via profile management functions...
CVE-2012-2054
Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the 1 Comment, 2 Document, 3 IssueCategory, 4 MembersController, 5 Message, 6 News, 7 TimeEntry, 8 Version, 9 Wiki, 10 UserPreference, o...