CWE-915

Improperly Controlled Modification of Dynamically-Determined Object Attributes (Mass Assignment)

MITRE

No catalog description on file. The MITRE CWE site has the canonical reference.

CVEs (total)

Critical

High

Medium

Low

Severity distribution

Recent CVEs

showing 12 of 12

CVE-2026-46475High· 8.8EPSS 0%21 h ago
FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover
npm
CVE-2026-46517High· 7.8EPSS 0%2 d ago
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trust_remote_code=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publ
pypi
CVE-2026-46441Critical· 9.6EPSS 0%2 d ago
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users t
npm
CVE-2026-42863High· 8.1EPSS 0%2 d ago
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify serv
npm
CVE-2026-42862Medium· 5.0EPSS 0%2 d ago
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to mod
npm
CVE-2026-42861Critical· 9.6EPSS 0%2 d ago
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to
npm
CVE-2026-46480High· 8.8EPSS 0%4 d ago
FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover
npm
CVE-2026-46479—EPSS 0%4 d ago
FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover
npm
CVE-2026-46476—EPSS 0%4 d ago
FlowiseAI: CustomTemplate create+update mass-assignment allows cross-workspace template takeover
npm
CVE-2026-46478—EPSS 0%4 d ago
FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover
npm
CVE-2026-46477—EPSS 0%4 d ago
FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover
npm
CVE-2026-42540Medium· 4.3EPSS 0%7 d ago
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a

CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.