CWE-472
External Control of Assumed-Immutable Web Parameter
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.
56 vulnerabilities with CWE-472
CVE-2026-3538
HIGH
Google Chrome <145.0.7632.159 - Memory Corruption
CVSS 8.8
CVE-2026-3536
HIGH
Google Chrome <145.0.7632.159 - Memory Corruption
CVSS 8.8
CVE-2026-2649
HIGH
Google Chrome <145.0.7632.109 - Memory Corruption
CVSS 8.8
CVE-2025-14750
Web App - Privilege Escalation
CVE-2025-67846
MEDIUM
Mintlify Platform <2025-11-15 - Auth Bypass
CVSS 4.9
CVE-2025-66385
Cerebrate <1.30 - Privilege Escalation
CVE-2025-10892
HIGH
Google Chrome <140.0.7339.207 - Integer Overflow
CVSS 8.8
CVE-2025-10891
HIGH
Google Chrome <140.0.7339.207 - Heap Corruption
CVSS 8.8
CVE-2025-54551
MEDIUM
Synapse Mobility <8.2 - Privilege Escalation
CVSS 4.3
CVE-2025-54832
MEDIUM
OPEXUS FOIAXpress PAL <v11.1.0 - Privilege Escalation
CVSS 4.3
CVE-2025-8198
HIGH
MinimogWP - Price Manipulation
CVSS 7.5
CVE-2025-7656
HIGH
Google Chrome <138.0.7204.157 - Heap Corruption
CVSS 8.8
CVE-2025-43933
CRITICAL
fblog <983bede - Info Disclosure
CVSS 9.8
CVE-2025-43930
CRITICAL
Hashview 0.8.1 - Info Disclosure
CVSS 9.8
CVE-2025-6191
HIGH
Google Chrome <137.0.7151.119 - Integer Overflow
CVSS 8.8
CVE-2025-43002
MEDIUM
SAP S4CORE - Info Disclosure
CVSS 4.3
CVE-2025-47817
HIGH
BlueWave Checkmate <2.0.2 - Privilege Escalation
CVSS 8.8
CVE-2025-35939
MEDIUM KEV
Craft CMS - RCE
CVSS 5.3
CVE-2025-47245
HIGH
BlueWave Checkmate <2.0.2 - Privilege Escalation
CVSS 8.1
CVE-2025-3743
MEDIUM
Upsell Funnel Builder <3.0.0 - Info Disclosure
CVSS 5.3
CVE-2025-3530
HIGH
WordPress Simple Shopping Cart <5.1.2 - Info Disclosure
CVSS 7.5
CVE-2025-31327
MEDIUM
SAP Field Logistics - Data Tampering
CVSS 4.3
CVE-2025-32816
LOW
CodeLit CourseLit <0.57.5 - Info Disclosure
CVSS 3.1
CVE-2025-31333
MEDIUM
SAP S4CORE - Info Disclosure
CVSS 4.3
CVE-2025-30152
MEDIUM
Sylius PayPal Plugin <2.0.2 - Info Disclosure
CVSS 6.5