Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-472

CWE-472

External Control of Assumed-Immutable Web Parameter

Parent: CWE-642 - External Control of Critical State Data

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

123 vulnerabilities with CWE-472

CVE-2025-54832 MEDIUM

OPEXUS FOIAXpress PAL <v11.1.0 - Privilege Escalation

CVE-2025-8198 HIGH

MinimogWP < 3.9.0 - Unauthenticated Price Manipulation via Cart Quantity Parameter

CVE-2025-7656 HIGH

Google Chrome <138.0.7204.157 - Heap Corruption

CVE-2025-43933 CRITICAL

fblog through 983bede - Account Takeover via Password Reset Host Header Manipulation

CVE-2025-43930 CRITICAL

Hashview 0.8.1 - Account Takeover via Password Reset Host Header Manipulation

CVE-2025-6191 HIGH

Google Chrome < 137.0.7151.119 - Integer Overflow in V8 via Crafted HTML Page

CVE-2025-43002 MEDIUM

SAP S4/HANA OData Meta-Data Property - Authenticated Information Disclosure via Missing Authorization Check

CVE-2025-47817 HIGH

BlueWave Checkmate <2.0.2 - Privilege Escalation

CVE-2025-35939 MEDIUM KEV

Craft CMS < 4.15.3 and 5.0.0-alpha.1-5.7.5 - Unauthenticated Arbitrary File Write via Session File Injection

CVE-2025-47245 HIGH

BlueWave Checkmate <2.0.2 - Privilege Escalation

CVE-2025-3743 MEDIUM

Upsell Funnel Builder <3.0.0 - Info Disclosure

CVE-2025-3530 HIGH

WordPress Simple Shopping Cart <5.1.2 - Info Disclosure

CVE-2025-31327 MEDIUM

SAP Field Logistics - Data Tampering

CVE-2025-32816 LOW

CodeLit CourseLit <0.57.5 - Info Disclosure

CVE-2025-31333 MEDIUM

SAP S4CORE entity - Data Tampering via OData Meta-Data Property

CVE-2025-30152 MEDIUM

Sylius PayPal Plugin <2.0.2 - Info Disclosure

CVE-2025-30236 HIGH

Shearwater SecurEnvoy SecurAccess <9.4.515 - Auth Bypass

CVE-2025-29788 MEDIUM

Syliud PayPal Plugin <2.0.1 - Info Disclosure

CVE-2025-26312 MEDIUM

SendQuick Entera <11HF5 - Auth Bypass

CVE-2025-27893 LOW

Archer Platform <6.14.00202.10024 - Privilege Escalation

CVE-2025-25382 HIGH

Information Kerala Mission SANCHAYA <3.0.4 - Info Disclosure

CVE-2025-0436 HIGH

Google Chrome <132.0.6834.83 - Heap Corruption

CVE-2025-22384 HIGH

Optimizely Configured Commerce <5.2.2408 - Info Disclosure

CVE-2024-50703 MEDIUM

TeamPass <3.1.3.1 - Privilege Escalation

CVE-2024-12123 MEDIUM

Issuetrak 17.1 - Authenticated User Impersonation via Hidden Field Manipulation

Previous Page 4 of 5 Next

Details

Vulnerabilities 123

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy