Flaws of type CWE-915

105 results
CVE-2026-42861 | HIGH | Flowise: Mass Assignment in Variable Update Endpoint Allows Cross-Workspace Resource Reassignment | EPSS 0.3%
CVE-2026-56276 | MEDIUM | Flowise - Mass Assignment in PUT /api/v1/user Allows Password Hash Override | EPSS 0.3%
CVE-2025-66400 | MEDIUM | mdast-util-to-hast unsanitized class attribute | EPSS 0.3%
CVE-2026-21695 | MEDIUM | Titra API Contains Mass Assignment Vulnerability | EPSS 0.2%
CVE-2026-5251 | MEDIUM | z-9527 admin User Update Endpoint user.js dynamically-determined object attributes | EPSS 0.2%
CVE-2026-5248 | MEDIUM | gougucms User Registration Login.php reg_submit dynamically-determined object attributes | EPSS 0.2%
CVE-2026-45058 | CRITICAL | electerm: Import unsafe bookmark data could lead to unsafe operation when click local type bookmark | EPSS 0.2%
CVE-2025-52656 | HIGH | HCL MyXalytics product is affected by Mass Assignment vulnerability | EPSS 0.2%
CVE-2026-21886 | MEDIUM | OpenCTI's GraphQL Mutations Allow Deletion of Unrelated Entities | EPSS 0.2%
CVE-2025-13081 | MEDIUM | Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006 | EPSS 0.2%
CVE-2025-14341 | HIGH | Input Data Manipulation in DivvyDrive Information Technologies' DivvyDrive | EPSS 0.2%
CVE-2026-31251 | HIGH | CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in | EPSS 0.2%
CVE-2025-49597 | LOW | handcraftedinthealps goodby-csv Potential Gadget Chain allowing Remote Code Execution | EPSS 0.2%
CVE-2026-31815 | MEDIUM | django-unicorn affected by component state manipulation via unvalidated attribute access | EPSS 0.2%
CVE-2026-45687 | HIGH | Rocket.Chat: Authenticated Arbitrary Data Export Theft via Mass Assignment in sendFileMessage | EPSS 0.2%
CVE-2025-61781 | HIGH | GraphQL IDOR allows authenticated user to delete workspace content of other users | EPSS 0.2%
CVE-2026-28219 | LOW | Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners | EPSS 0.2%
CVE-2026-42862 | HIGH | Flowise: Mass Assignment in Tool Update Endpoint Allows Cross-Workspace Resource Reassignment | EPSS 0.2%
CVE-2026-23522 | LOW | Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion | EPSS 0.2%
CVE-2026-42540 | MEDIUM | IRIS has a Mass Assignment issue | EPSS 0.2%