Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-915

CWE-915

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.

98 vulnerabilities with CWE-915

CVE-2024-10359 MEDIUM

danny-avila/librechat <0.7.5-rc2 - Code Injection

CVE-2024-55638 CRITICAL

Drupal 7.0-7.101, 8.8.0-10.2.10, 10.3.0-10.3.8 - Deserialization of Untrusted Data

CVE-2024-55637 CRITICAL

Drupal 8.0.0-10.2.10 10.3.0-10.3.8 11.0.0-11.0.7 - Object Injection via Insecure Deserialization

CVE-2024-55636 CRITICAL

Drupal 8.0.0-10.2.10 10.3.0-10.3.8 11.0.0-11.0.7 - Object Injection via Insecure Deserialization

CVE-2024-5452 CRITICAL

pytorch_lightning < 2.3.3 - Remote Code Execution via Deepdiff Delta Dunder Attribute Bypass

CVE-2024-0404 CRITICAL

Mintplex-Labs Anything-LLM - Privilege Escalation

CVE-2024-3283 HIGH

AnythingLLM < 1.0.0 - Authenticated Privilege Escalation via Mass Assignment in Admin System Preferences

CVE-2023-39983 MEDIUM

MXsecurity <1.0.1 - Info Disclosure

CVE-2023-32079 HIGH

Netmaker <0.17.1 and 0.18.6 - Privilege Escalation

CVE-2023-0574 MEDIUM

YugabyteDB Managed 2.0.0.0-2.13.0.0 - Server-Side Request Forgery

CVE-2022-48359 HIGH

Huawei EMUI and HarmonyOS - Arbitrary Disk Modification via Recovery Mode

CVE-2022-43441 HIGH

Ghost sqlite3 5.0.0-5.1.1 - Remote Code Execution via Statement Bindings

CVE-2022-4068 MEDIUM

LibreNMS <= 22.10.0 - Account Re-enablement and XSS

CVE-2022-2625 HIGH

PostgreSQL - Arbitrary Code Execution via Extension Schema Object Hijacking

CVE-2022-31106 HIGH

Underscore.deep <0.5.3 - Prototype Pollution

CVE-2022-24802 HIGH

deepmerge-ts < 4.0.2 - Prototype Pollution via defaultMergeRecords Function

CVE-2021-32811 HIGH

Zope 4.0-4.6.2 and 5.0-5.2 - Remote Code Execution via Python Script Object Modification

CVE-2021-32807 MEDIUM

AccessControl 4.0-4.2 - Remote Code Execution via String Formatter Override

CVE-2021-21368 MEDIUM

msgpack5 < 3.6.1 - Prototype Poisoning via __proto__ Key Decoding

CVE-2021-21297 HIGH

Node-Red <1.2.8 - Prototype Pollution

CVE-2021-21304 HIGH

Dynamoose <2.7.0 - Prototype Pollution

CVE-2020-11066 HIGH

TYPO3 CMS >=9.0.0 <9.5.17, >=10.0.0 <10.4.2 - Code Injection

CVE-2019-9057 HIGH

CMS Made Simple < 2.2.8 - Authenticated Object Injection via FilePicker Module

Previous Page 4 of 4

Details

Vulnerabilities 98

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy