CWE-915 vulnerabilities

105 results
CVE-2025-15602 [HIGH] Snipe-IT < 8.3.7 Mass Assignment Vulnerability Leading to Privilege Escalation (EPSS 0.5%)
CVE-2026-32640 [HIGH] (SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox. (EPSS 0.5%)
CVE-2025-24370 [CRITICAL] Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass (EPSS 0.5%)
CVE-2026-40897 [HIGH] Math.js: Unsafe object property setter in mathjs (EPSS 0.4%)
CVE-2026-6912 [HIGH] Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel (EPSS 0.4%)
CVE-2026-56142 [CRITICAL] In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by atta (EPSS 0.4%)
CVE-2026-6366 [MEDIUM] Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002 (EPSS 0.4%)
CVE-2026-27125 [MEDIUM] Svelte SSR attribute spreading includes inherited properties from prototype chain (EPSS 0.4%)
CVE-2026-29056 [HIGH] Kanboard's privilege escalation via mass assignment in user invite registration allows any invited user to become admin (EPSS 0.4%)
CVE-2026-45229 [HIGH] Quark Drive (quark-auto-save) < 0.8.5 Mass Assignment via POST /update (EPSS 0.4%)
CVE-2025-6107 [LOW] comfyanonymous comfyui utils.py set_attr dynamically-determined object attributes (EPSS 0.4%)
CVE-2026-44635 [HIGH] Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()` (EPSS 0.4%)
CVE-2025-9315 [MEDIUM] Unauthenticated Device Registration Vulnerability in MXsecurity Series (EPSS 0.4%)
CVE-2026-46721 [MEDIUM] Broken Access Control in extension "Frontend User Registration" (sf_register) (EPSS 0.4%)
CVE-2026-54515 [MEDIUM] jackson-databind: Case-insensitive deserialization bypasses per-property @JsonIgnoreProperties (EPSS 0.4%)
CVE-2024-10359 [MEDIUM] Mass Assignment in Preset Creation Allows User ID Manipulation in danny-avila/librechat (EPSS 0.3%)
CVE-2026-46478 [HIGH] Flowise: DatasetRow create+update mass-assignment allows cross-workspace row takeover (EPSS 0.3%)
CVE-2026-46477 [HIGH] Flowise: Dataset create+update mass-assignment allows cross-workspace dataset takeover (EPSS 0.3%)
CVE-2026-46476 [HIGH] Flowise: CustomTemplate create+update mass-assignment allows cross-workspace template takeover (EPSS 0.3%)
CVE-2026-46475 [HIGH] Flowise: Assistant create+update mass-assignment allows cross-workspace assistant takeover (EPSS 0.3%)