Search

Blog Stats Labs CLI MCP API Limits About Privacy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Blog Statistics Labs CLI Tool MCP Server API Documentation Rate Limits About Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-915

CWE-915

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.

49 vulnerabilities with CWE-915

CVE-2026-30822 HIGH

Flowise <3.0.13 - Code Injection

CVE-2025-15602 HIGH

Snipe-IT <8.3.7 - Privilege Escalation

CVE-2026-28781 MEDIUM

Craft CMS <4.17.0-beta.1/5.9.0-beta.1 - Privilege Escalation

CVE-2026-28219 MEDIUM

Discourse <2025.12.2/2026.1.1/2026.2.0 - Privilege Escalation

CVE-2026-27125 MEDIUM

Svelte <5.51.5 - Info Disclosure

CVE-2026-24140 LOW

MyTube <1.7.78 - Mass Assignment

CVE-2026-23522 LOW

LobeChat <2.0.0-next.193 - Privilege Escalation

@adonisjs/lucid <22.0.0-next.6 - SQL Injection

CVE-2026-22783 CRITICAL

Iris <2.4.24 - Privilege Escalation

CVE-2026-21695 MEDIUM

Titra <0.99.49 - Mass Assignment

CVE-2025-61781 HIGH

Citeum Opencti < 6.8.1 - Incorrect Authorization

CVE-2025-68109 CRITICAL

Churchcrm < 6.5.3 - Remote Code Execution

CVE-2025-66451 MEDIUM

LibreChat <0.8.0 - Code Injection

MXsecurity Series - Unauthenticated RCE

CVE-2025-66400 MEDIUM

mdast-util-to-hast <13.2.1 - Info Disclosure

CVE-2025-13081 MEDIUM

Drupal < 10.4.9 - Insecure Deserialization

CVE-2025-52656 HIGH

HCL MyXalytics: 6.6 - Info Disclosure

CVE-2025-7104 HIGH

danny-avila/librechat - Mass Assignment

DeepDiff <8.6.0 - RCE

CVE-2024-57708 MEDIUM

OneTrust SDK <6.33.0 - DoS

CVE-2025-6107 LOW

comfyanonymous comfyui <0.3.40 - Code Injection

CVE-2025-49597 LOW

Handcraftedinthealps Goodby-csv < 1.4.3 - Remote Code Execution

CVE-2025-31674 HIGH

Drupal Drupal core <10.3.13-11.1.3 - Object Injection

CVE-2025-30358 HIGH

Mesop <0.14.1 - DoS

CVE-2024-10359 MEDIUM

danny-avila/librechat <0.7.5-rc2 - Code Injection

Page 1 of 2 Next

Details

Vulnerabilities 49

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy