Description
The product does not properly protect an assumed-immutable element from being modified by an attacker.
Extended Description
This occurs when a particular input is critical enough to the functioning of the application that it should not be modifiable at all, but it is. Certain resources are often assumed to be immutable when they are not, such as hidden form fields in web applications, cookies, and reverse DNS lookups.
CVE vulnerabilities with CWE-471 (37)
9.8
CVSS
CRITICAL
CVE-2022-25893
pub. 2022-12-21
9.8
CVSS
CRITICAL
CVE-2020-8158
pub. 2020-09-18
9.8
CVSS
CRITICAL
CVE-2020-8147
pub. 2020-04-03
8.8
CVSS
HIGH
CVE-2018-3719
pub. 2018-06-07
8.8
CVSS
HIGH
CVE-2018-3720
pub. 2018-06-07
8.8
CVSS
HIGH
CVE-2018-3722
pub. 2018-06-07
8.8
CVSS
HIGH
CVE-2018-3723
pub. 2018-06-07
8.8
CVSS
HIGH
CVE-2018-3728
pub. 2018-03-30
8.6
CVSS
HIGH
CVE-2026-54267
pub. 2026-06-22
8.5
CVSS
HIGH
CVE-2024-9876
pub. 2025-04-30
8.3
CVSS
HIGH
CVE-2024-55551
pub. 2025-03-19
8.2
CVSS
HIGH
CVE-2022-21824
pub. 2022-02-24
8.1
CVSS
HIGH
CVE-2020-26245
pub. 2020-11-27
7.7
CVSS
HIGH
CVE-2020-15256
pub. 2020-10-19
7.5
CVSS
HIGH
CVE-2020-8268
pub. 2020-11-09
7.3
CVSS
HIGH
CVE-2023-2904
pub. 2023-06-07
7.3
CVSS
HIGH
CVE-2020-8116
pub. 2020-02-04
7.1
CVSS
HIGH
CVE-2026-44798
pub. 2026-05-28
7.1
CVSS
HIGH
CVE-2025-33136
pub. 2025-05-22
6.5
CVSS
MEDIUM
CVE-2024-34517
pub. 2024-05-07
Showing 20 of 37 vulnerabilities