CWE-915: CWE-915

Total CVEs: 18
Critical: 4
High: 8
Avg CVSS: 7.6

Yearly Trend

2026: 5
2025: 6
2024: 4
2022: 2
2021: 1

Top Affected Vendors

1. Drupal: 4
2. Hcltech: 1
3. Librechat: 1
4. Kromit: 1
5. Svelte: 1
6. Franklioxygen: 1
7. Mintplexlabs: 1
8. Lightningai: 1
9. Zope: 1
10. Clever: 1

All CWE-915 CVEs (18)

CVE-2024-55636 (CVSS 9.8, Dec 10, 2024)
This CVE describes a gadget chain vulnerability in Drupal Core that enables object injection when untrusted data is deserialized. While not directly e...

CVE-2024-55638 (CVSS 9.8, Dec 10, 2024)
This CVE describes a gadget chain in Drupal Core that enables object injection when untrusted data is deserialized. While the chain itself isn't direc...

CVE-2024-5452 (CVSS 9.8, Jun 6, 2024)
This vulnerability allows remote attackers to execute arbitrary code on self-hosted PyTorch Lightning applications by exploiting improper deserializat...

CVE-2024-0404 (CVSS 9.1, Apr 16, 2024)
This CVE describes a mass assignment vulnerability in the Anything-LLM software that allows attackers to create administrative accounts by interceptin...

CVE-2025-15602 (CVSS 8.8, Mar 6, 2026)
This mass assignment vulnerability in Snipe-IT allows authenticated low-privileged users to modify restricted user attributes, including those of Supe...

CVE-2022-31106 (CVSS 8.3, Jun 28, 2022)
CVE-2022-31106 is a prototype pollution vulnerability in underscore.deep library versions before 0.5.3. Attackers can craft malicious payloads to poll...

CVE-2025-30358 (CVSS 8.1, Mar 27, 2025)
A class pollution vulnerability in Mesop Python UI framework allows attackers to overwrite global variables and class attributes during runtime. This ...

CVE-2022-24802 (CVSS 8.1, Apr 1, 2022)
deepmerge-ts is vulnerable to Prototype Pollution, allowing attackers to modify object prototypes and potentially execute arbitrary code or cause deni...

CVE-2025-52656 (CVSS 7.6, Oct 3, 2025)
CVE-2025-52656 is a mass assignment vulnerability in HCL MyXalytics 6.6 that allows attackers to modify sensitive application fields without proper au...

CVE-2025-7104 (CVSS 7.5, Sep 29, 2025)
A mass assignment vulnerability in danny-avila/librechat allows attackers to manipulate sensitive fields by sending extra parameters in requests that ...

CVE-2025-31674 (CVSS 7.5, Mar 31, 2025)
This CVE describes an object injection vulnerability in Drupal core that allows attackers to modify dynamically-determined object attributes improperl...

CVE-2021-32811 (CVSS 7.5, Aug 2, 2021)
CVE-2021-32811 is a remote code execution vulnerability in Zope web application server that allows attackers with admin-level 'Manager' role privilege...

CVE-2026-27125 (CVSS 6.8, Feb 20, 2026)
This vulnerability in Svelte's server-side rendering allows attribute spreading on elements to enumerate inherited properties from an object's prototy...

CVE-2025-13081 (CVSS 5.9, Nov 18, 2025)
This CVE describes an object injection vulnerability in Drupal core that allows attackers to modify dynamically-determined object attributes improperl...

CVE-2026-21695 (CVSS 4.3, Jan 8, 2026)
This CVE describes a Mass Assignment vulnerability in Titra time tracking software that allows authenticated users to inject arbitrary fields into tim...

CVE-2026-24140 (CVSS 2.7, Jan 24, 2026)
MyTube versions 1.7.78 and below have a mass assignment vulnerability in settings management that allows attackers to modify arbitrary application set...

CVE-2026-22814 (CVSS N/A, Jan 13, 2026)
A mass assignment vulnerability in @adonisjs/lucid allows remote attackers who can influence data passed to Lucid model assignments to overwrite inter...

CVE-2025-9315 (CVSS N/A, Dec 10, 2025)
An unauthenticated device registration vulnerability in MXsecurity Series allows remote attackers to register unauthorized devices by sending speciall...

About CWE-915 (CWE-915)

Our database tracks 18 CVEs classified as CWE-915, with 4 rated critical and 8 rated high severity. The average CVSS score for CWE-915 vulnerabilities is 7.6.

External reference: View CWE-915 on MITRE CWE →
