CWE-471 · Modification of Assumed-Immutable Data (MAID)
32 CVEs classified under CWE-471 (Modification of Assumed-Immutable Data (MAID)).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-55551 | High | 8.3 | 2025-03-19 | An issue was discovered in Exasol JDBC driver before 24.2.1 (2024-12-10). Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injectio… |
| CVE-2020-26245 | High | 8.1 | 2020-11-27 | npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of sh… |
| CVE-2020-15256 | High | 7.7 | 2020-10-19 | A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInherit… |
| CVE-2024-9876 | High | 7.3 | 2025-04-30 | Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini. This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4… |
| CVE-2026-44798 | High | 7.1 | 2026-05-28 | Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could… |
| CVE-2025-33136 | High | 7.1 | 2025-05-22 | IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another u… |
| CVE-2024-34517 | Medium | 6.5 | 2024-05-07 | The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access. |
| CVE-2023-43697 | Medium | 6.5 | 2023-10-09 | Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings v… |
| CVE-2022-2390 | Medium | 6.1 | 2022-08-12 | Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google… |
| CVE-2024-45672 | Medium | 6.0 | 2025-01-23 | IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent. which… |
| CVE-2020-26237 | Medium | 5.8 | 2020-11-24 | Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious H… |
| CVE-2023-46232 | Medium | 5.3 | 2023-10-25 | era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype v… |
| CVE-2021-42701 | Medium | 5.0 | 2021-11-05 | An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack… |
| CVE-2020-26268 | Medium | 4.4 | 2020-12-10 | In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutab… |
| CVE-2024-51462 | Medium | 4.0 | 2025-01-17 | IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of a… |
| CVE-2022-1561 | Medium | 4.0 | 2022-08-01 | Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to… |
| CVE-2026-8492 | Low | 2.7 | 2026-05-19 | Modification of Assumed-Immutable Data (MAID) vulnerability in Drupal Translate Drupal with GTranslate allows Resource Location Spoofing. This issue affects T… |
| CVE-2023-2904 | | | 2023-06-07 | The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmabl… |
| CVE-2022-21824 | | | 2022-02-24 | Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while s… |
| CVE-2021-24046 | | | 2022-01-14 | A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application… |