CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.
72 vulnerabilities with CWE-915
CVE-2024-55638
CRITICAL
Drupal < 7.102 - Insecure Deserialization
CVSS 9.8
CVE-2024-55637
CRITICAL
Drupal < 10.2.11 - Insecure Deserialization
CVSS 9.8
CVE-2024-55636
CRITICAL
Drupal < 10.2.11 - Insecure Deserialization
CVSS 9.8
CVE-2024-5452
CRITICAL
Lightningai Pytorch Lightning < 2.3.3 - Remote Code Execution
CVSS 9.8
CVE-2024-0404
CRITICAL
Mintplex-Labs Anything-LLM - Privilege Escalation
CVSS 9.1
CVE-2024-3283
HIGH
Mintplexlabs Anythingllm < 1.0.0 - Privilege Escalation
CVSS 7.2
CVE-2023-39983
MEDIUM
MXsecurity <1.0.1 - Info Disclosure
CVSS 5.3
CVE-2023-32079
HIGH
Netmaker <0.17.1 and 0.18.6 - Privilege Escalation
CVSS 8.8
CVE-2023-0574
MEDIUM
Yugabytedb Managed < 2.13 - SSRF
CVSS 6.8
CVE-2022-48359
HIGH
Recovery Mode - Code Injection
CVSS 7.5
CVE-2022-43441
HIGH
node-sqlite3 <5.1.1 - RCE
CVSS 8.1
CVE-2022-4068
MEDIUM
LibreNMS <= 22.10.0 - Account Re-enablement and XSS
CVSS 5.4
CVE-2022-2625
HIGH
PostgreSQL - RCE
CVSS 8.0
CVE-2022-31106
HIGH
Underscore.deep <0.5.3 - Prototype Pollution
CVSS 8.3
CVE-2022-24802
HIGH
Deepmerge-ts < 4.0.2 - Prototype Pollution
CVSS 8.1
CVE-2021-32811
HIGH
Zope <4.6.3, 5.3 - RCE
CVSS 7.5
CVE-2021-32807
MEDIUM
Zope - Info Disclosure
CVSS 4.4
CVE-2021-21368
MEDIUM
Msgpack5 < 3.6.1 - Prototype Pollution
CVSS 6.7
CVE-2021-21297
HIGH
Node-Red <1.2.8 - Prototype Pollution
CVSS 7.7
CVE-2021-21304
HIGH
Dynamoose <2.7.0 - Prototype Pollution
CVSS 7.2
CVE-2020-11066
HIGH
TYPO3 CMS >=9.0.0 <9.5.17, >=10.0.0 <10.4.2 - Code Injection
CVSS 8.7
CVE-2019-9057
HIGH
Cmsmadesimple Cms Made Simple < 2.2.8 - Insecure Deserialization
CVSS 8.8