CWE-915 — Vulnerability Class 52

52 vulnerabilities classified as CWE-915. AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-33453 | Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution — Apache Camel | 9.8 (AI) | Critical (AI) | 2026-04-27 |
| CVE-2026-42044 | Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver` — axios | 6.5 | Medium | 2026-04-24 |
| CVE-2026-40897 | Math.js: Unsafe object property setter in mathjs — mathjs | 8.8 | High | 2026-04-24 |
| CVE-2026-6912 | Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel — AWS Ops Wheel | 8.8 | High | 2026-04-24 |
| CVE-2026-34427 | Vvveb < 1.0.8.1 Privilege Escalation via admin/user/save — Vvveb | 8.8 | High | 2026-04-20 |
| CVE-2026-40486 | Kimai's User Preferences API allows standard users to modify restricted attributes: hourly_rate, internal_rate — kimai | 4.3 | Medium | 2026-04-17 |
| CVE-2026-34179 | Update of type field in restricted TLS certificate allows privilege escalation to cluster admin — lxd | 9.1 | Critical | 2026-04-09 |
| CVE-2026-5708 | Improper Control of User-Modifiable Attributes in RES CreateSession API — Research and Engineering Studio (RES) | 8.8 | High | 2026-04-06 |
| CVE-2026-5251 | z-9527 admin User Update Endpoint user.js dynamically-determined object attributes — admin | 6.3 | Medium | 2026-04-01 |
| CVE-2026-5248 | gougucms User Registration Login.php reg_submit dynamically-determined object attributes — gougucms | 6.3 | Medium | 2026-04-01 |
| CVE-2026-34406 | APTRS: Privilege Escalation via Mass Assignment of is_superuser in User Edit Endpoint — APTRS | 8.8 | - | 2026-03-31 |
| CVE-2026-27953 | ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor — ormar | 7.1 | High | 2026-03-19 |
| CVE-2026-32742 | Parse Server session creation endpoint allows overwriting server-generated session fields — parse-server | 4.3 | Medium | 2026-03-18 |
| CVE-2026-29056 | Kanboard's privilege escalation via mass assignment in user invite registration allows any invited user to become admin — kanboard | 8.8 | - | 2026-03-18 |
| CVE-2026-32640 | (SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox. — simpleeval | 7.5 (AI) | High (AI) | 2026-03-13 |
| CVE-2026-30822 | Flowise: Mass Assignment in `/api/v1/leads` Endpoint — Flowise | 5.3 | - | 2026-03-07 |
| CVE-2025-15602 | Snipe-IT < 8.3.7 Mass Assignment Vulnerability Leading to Privilege Escalation — Snipe-IT | 8.8 | High | 2026-03-06 |
| CVE-2026-28219 | Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners — discourse | 4.3 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27125 | Svelte SSR attribute spreading includes inherited properties from prototype chain — svelte | 3.7 | - | 2026-02-20 |
| CVE-2026-24140 | MyTube has Mass Assignment via Settings Management — MyTube | 2.7 | Low | 2026-01-23 |
| CVE-2026-22814 | Mass Assignment in AdonisJS Lucid Allows Overwriting Internal ORM State — lucid | 7.5 (AI) | High (AI) | 2026-01-13 |
| CVE-2026-21695 | Titra API Contains Mass Assignment Vulnerability — titra | 4.3 | Medium | 2026-01-07 |
| CVE-2025-9315 | Unauthenticated Device Registration Vulnerability in MXsecurity Series — MXsecurity Series | 9.4 (AI) | Critical (AI) | 2025-12-10 |
| CVE-2025-13081 | Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006 — Drupal core | 9.8 (AI) | Critical (AI) | 2025-11-18 |
| CVE-2025-52656 | HCL MyXalytics product is affected by Mass Assignment vulnerability — HCL MyXalytics | 7.6 | High | 2025-10-03 |
| CVE-2025-7104 | Mass Assignment in danny-avila/librechat — danny-avila/librechat | 9.1 (AI) | Critical (AI) | 2025-09-29 |
| CVE-2025-58367 | DeepDiff is vulnerable to DoS and Remote Code Execution via Delta class pollution — deepdiff | 9.8 (AI) | Critical (AI) | 2025-09-05 |
| CVE-2025-6107 | comfyanonymous comfyui utils.py set_attr dynamically-determined object attributes — comfyui | 3.1 | Low | 2025-06-16 |
| CVE-2025-49597 | handcraftedinthealps goodby-csv Potential Gadget Chain allowing Remote Code Execution — goodby-csv | 3.9 | Low | 2025-06-13 |
| CVE-2025-31674 | Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003 — Drupal core | 9.8 | - | 2025-03-31 |

52 CVEs are classified as CWE-915. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.