Browse and filter security vulnerabilities across ecosystems
FreeScout's Mass Assignment in Mailbox Connection Settings Enables Silent Email Exfiltration
Vvveb < 1.0.8.1 Privilege Escalation via admin/user/save
Kimai's User Preferences API allows standard users to modify restricted attributes: hourly_rate, internal_rate
Update of type field in restricted TLS certificate allows privilege escalation to cluster admin
Improper Control of User-Modifiable Attributes in RES CreateSession API
SandboxJS: Sandbox integrity escape
ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.
z-9527 admin User Update Endpoint user.js dynamically-determined object attributes
gougucms User Registration Login.php reg_submit dynamically-determined object attributes
APTRS: Privilege Escalation via Mass Assignment of is_superuser in User Edit Endpoint
ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor
Parse Server session creation endpoint allows overwriting server-generated session fields
Kanboard's privilege escalation via mass assignment in user invite registration allows any invited user to become admin
OpenCTI's GraphQL Mutations Allow Deletion of Unrelated Entities
(SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox.
Winter: Privilege escalation by authenticated backend users
django-unicorn affected by component state manipulation via unvalidated attribute access
Flowise: Mass Assignment in `/api/v1/leads` Endpoint
Snipe-IT < 8.3.7 Mass Assignment Vulnerability Leading to Privilege Escalation
Craft Affected by Entries Authorship Spoofing via Mass Assignment