Skip to main content

CWE-471

Modification of Assumed-Immutable Data (MAID)

31 CVEs Avg CVSS 7.1 MITRE
3
CRITICAL
15
HIGH
12
MEDIUM
1
LOW
13
POC
0
KEV

Monthly

CVE-2026-8492 PHP LOW PATCH Monitor

Resource Location Spoofing in the Drupal 'Translate Drupal with GTranslate' module (versions 0.0.0 through before 3.0.5) allows a high-privileged authenticated attacker to modify data the module treats as immutable, enabling redirection of translation resource locations. Exploitation requires network access but demands administrator-level privileges, yielding only low integrity impact with no confidentiality or availability consequences. No public exploit code exists and EPSS sits at 0.02% (5th percentile), indicating negligible exploitation interest at this time.

Information Disclosure Translate Drupal With Gtranslate
NVD VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-44798 PyPI HIGH PATCH GHSA This Week

Authenticated users with GitRepository modification privileges in Nautobot can manipulate the current_head field via REST API to force local repository clones to check out arbitrary commits, causing repository state inconsistency or denial of service. The unintended write access stems from improper REST API serializer configuration (CWE-471: Modification of Assumed-Immutable Data). Vendor-released patches in versions 2.4.33 and 3.1.2 add field-level access controls and input validation to prevent manipulation of the internal current_head tracking field. No public exploit identified at time of analysis, though exploitation requires only low-privilege authenticated API access.

Information Disclosure
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-33136 HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Faspex
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-9876 HIGH This Week

: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2024-55551 HIGH This Week

An issue was discovered in Exasol JDBC driver before 24.2.1 (2024-12-10). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Jdbc Driver
NVD GitHub
CVSS 3.1
8.3
EPSS
0.5%
CVE-2024-45672 MEDIUM This Month

IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

IBM Denial Of Service Security Verify Bridge
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2024-51462 MEDIUM Monitor

IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection IBM Qradar Wincollect
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2024-34517 Maven MEDIUM PATCH This Month

The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Neo4j
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-46232 MEDIUM POC PATCH This Month

era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Zkvyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-43697 MEDIUM This Month

Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apu0200 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Resource Location Spoofing in the Drupal 'Translate Drupal with GTranslate' module (versions 0.0.0 through before 3.0.5) allows a high-privileged authenticated attacker to modify data the module treats as immutable, enabling redirection of translation resource locations. Exploitation requires network access but demands administrator-level privileges, yielding only low integrity impact with no confidentiality or availability consequences. No public exploit code exists and EPSS sits at 0.02% (5th percentile), indicating negligible exploitation interest at this time.

Information Disclosure Translate Drupal With Gtranslate
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Authenticated users with GitRepository modification privileges in Nautobot can manipulate the current_head field via REST API to force local repository clones to check out arbitrary commits, causing repository state inconsistency or denial of service. The unintended write access stems from improper REST API serializer configuration (CWE-471: Modification of Assumed-Immutable Data). Vendor-released patches in versions 2.4.33 and 3.1.2 add field-level access controls and input validation to prevent manipulation of the internal current_head tracking field. No public exploit identified at time of analysis, though exploitation requires only low-privilege authenticated API access.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Faspex
NVD
EPSS 0% CVSS 8.5
HIGH This Week

: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure
NVD
EPSS 1% CVSS 8.3
HIGH This Week

An issue was discovered in Exasol JDBC driver before 24.2.1 (2024-12-10). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Jdbc Driver
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM This Month

IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

IBM Denial Of Service Security Verify Bridge
NVD
EPSS 0% CVSS 4.0
MEDIUM Monitor

IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection IBM Qradar Wincollect
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Neo4j
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Zkvyper
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apu0200 Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy