Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-915

CWE-915

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.

98 vulnerabilities with CWE-915

CVE-2026-24140 LOW

MyTube < 1.7.78 - Mass Assignment via Settings Management

CVE-2026-23522 LOW

LobeChat <2.0.0-next.193 - Privilege Escalation

CVE-2026-22814 HIGH

@adonisjs/lucid <22.0.0-next.6 - SQL Injection

CVE-2026-22783 CRITICAL

Iris <2.4.24 - Privilege Escalation

CVE-2026-21695 MEDIUM

Titra < 0.99.50 - Authenticated Mass Assignment via Customfields Parameter

CVE-2025-69691 CRITICAL

Netgate pfSense CE 2.8.0 - Code Injection

CVE-2025-69690 CRITICAL

Netgate pfSense CE 2.7.2 - Code Injection

CVE-2025-14341 HIGH

Input Data Manipulation in DivvyDrive Information Technologies' DivvyDrive

CVE-2025-15602 HIGH

Snipe-IT <8.3.7 - Privilege Escalation

CVE-2025-61781 HIGH

OpenCTI < 6.8.1 - Unauthenticated Authorization Bypass via WorkspacePopoverDeletionMutation

CVE-2025-68109 CRITICAL

ChurchCRM < 6.5.3 - Remote Code Execution via Database Restore File Upload

CVE-2025-66451 MEDIUM

LibreChat < 0.8.1 - Improperly Controlled Modification of Dynamically-Determined Object Attributes via PATCH Endpoint

CVE-2025-9315 MEDIUM

MXsecurity Series - Unauthenticated RCE

CVE-2025-66400 MEDIUM

mdast-util-to-hast <13.2.1 - Info Disclosure

CVE-2025-13081 MEDIUM

Drupal 8.0.0-10.4.8, 10.5.0-10.5.5, 11.0.0-11.1.8, 11.2.0-11.2.7 - Object Injection

CVE-2025-52656 HIGH

HCL MyXalytics: 6.6 - Info Disclosure

CVE-2025-7104 HIGH

danny-avila/librechat - Mass Assignment

CVE-2025-58367 CRITICAL

deepdiff 5.0.0-8.6.0 - Remote Code Execution via Delta Class Pollution and Pickle Deserialization

CVE-2025-6107 LOW

comfyanonymous comfyui <0.3.40 - Code Injection

CVE-2025-49597 LOW

goodby-csv < 1.4.3 - Gadget Chain for Remote Code Execution via Insecure Deserialization

CVE-2025-31674 HIGH

Drupal Drupal core <10.3.13-11.1.3 - Object Injection

CVE-2025-30358 HIGH

Mesop < 0.14.1 - Class Pollution leading to Denial of Service and Identity Confusion

CVE-2025-2304 CRITICAL

Camaleon CMS < 2.9.1 - Privilege Escalation via Mass Assignment in UsersController

CVE-2025-24370 CRITICAL

django-unicorn < 0.62.0 - Python Class Pollution via set_property_value

CVE-2024-57708 MEDIUM

OneTrust SDK 6.33.0 - Denial of Service via Prototype Pollution

Previous Page 3 of 4 Next

Details

Vulnerabilities 98

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy