Flaws of type CWE-915

105 results
CVE-2026-46480 | HIGH | Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover | EPSS 0.3%
CVE-2026-46479 | HIGH | Flowise: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover | EPSS 0.3%
CVE-2026-41267 | HIGH | Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association | EPSS 0.3%
CVE-2026-41277 | HIGH | Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR) | EPSS 0.3%
CVE-2026-28781 | HIGH | Craft Affected by Entries Authorship Spoofing via Mass Assignment | EPSS 0.3%
CVE-2026-45396 | MEDIUM | Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation | EPSS 0.3%
CVE-2026-32742 | MEDIUM | Parse Server session creation endpoint allows overwriting server-generated session fields | EPSS 0.3%
CVE-2026-22783 | CRITICAL | Iris Allows Arbitrary File Deletion via Mass Assignment in Datastore File Management | EPSS 0.3%
CVE-2026-40569 | CRITICAL | FreeScout's Mass Assignment in Mailbox Connection Settings Enables Silent Email Exfiltration | EPSS 0.3%
CVE-2026-48150 | CRITICAL | Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign | EPSS 0.3%
CVE-2026-34445 | HIGH | ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings. | EPSS 0.3%
CVE-2026-54516 | MEDIUM | jackson-databind: Renamed @JsonIgnore'd setters can deserialize via private fields | EPSS 0.3%
CVE-2026-24140 | LOW | MyTube has Mass Assignment via Settings Management | EPSS 0.3%
CVE-2025-66451 | MEDIUM | LibreChat's Improper Input Validation in Prompt Creation API Enables Unauthorized Permission Changes | EPSS 0.3%
CVE-2025-7104 | MEDIUM | Mass Assignment in danny-avila/librechat | EPSS 0.3%
CVE-2026-46441 | HIGH | Flowise: Mass Assignment in Assistant Update Endpoint Allows Cross-Workspace Resource Reassignment | EPSS 0.3%
CVE-2026-34179 | CRITICAL | Update of type field in restricted TLS certificate allows privilege escalation to cluster admin | EPSS 0.3%
CVE-2026-42044 | MEDIUM | Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver` | EPSS 0.3%
CVE-2026-42863 | HIGH | Flowise: Mass Assignment in Chatflow Update Endpoint Allows Cross-Workspace AgentFlow Reassignment | EPSS 0.3%
CVE-2026-40486 | MEDIUM | Kimai's User Preferences API allows standard users to modify restricted attributes: hourly_rate, internal_rate | EPSS 0.3%