VYPR

CWE-15

External Control of System or Configuration Setting

Abstraction: Base · Status: Incomplete

Description

One or more system settings or configuration elements can be externally controlled by a user.

Allowing external control of system settings can disrupt service or cause an application to behave in unexpected and potentially malicious ways.
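The mechanism behind several of the entries listed further down (the ingress-nginx annotation CVEs, the OpenShift Route `spec.path` entry) is a user-controlled value spliced into a configuration file that a privileged process then parses. The following is an added example, not code from ingress-nginx or any project on this page: a controller renders an nginx `location` block from a tenant-supplied annotation value. The template, function names, the allow-list regex and the payload are constructed for illustration.

```python
import re

# Added example: a controller renders an nginx `location` block from a value that a
# tenant supplies in an Ingress annotation, the pattern the ingress-nginx entries on
# this page describe. Template, function names and payload are constructed for
# illustration and are not ingress-nginx code.

def _render(auth_url: str) -> str:
    """Shared template: the annotation value becomes the proxy_pass target."""
    return "location /_auth {\n    proxy_pass " + auth_url + ";\n}\n"

def render_unsafe(auth_url: str) -> str:
    """Vulnerable: the annotation value is spliced in verbatim. A value containing
    ';' or a newline terminates `proxy_pass`, and nginx parses whatever follows as
    further directives chosen by the tenant (CWE-15: external control of a setting)."""
    return _render(auth_url)

# Allow-list for an http(s) URL: scheme, hostname, optional port, optional path and
# query drawn from a small URL-safe character set. Whitespace, ';', '{', '}', '#',
# quotes and '$' (nginx variable expansion) are excluded by construction.
_URL_RE = re.compile(r"^https?://[A-Za-z0-9.-]+(:\d{1,5})?(/[A-Za-z0-9._~%/?=&-]*)?$")

def accepts(auth_url: str) -> bool:
    """True if the value is a plain URL that cannot alter the config structure."""
    return _URL_RE.fullmatch(auth_url) is not None

def render_safe(auth_url: str) -> str:
    """Hardened: validate against the allow-list before templating and fail closed.
    The template is unchanged; only the gate in front of it differs."""
    if not accepts(auth_url):
        raise ValueError("rejected auth-url annotation: %r" % auth_url)
    return _render(auth_url)

def directive_count(config: str) -> int:
    """Number of ';'-terminated statements in the rendered block. A well-formed
    proxy_pass location contains exactly one; more means directives were injected."""
    return config.count(";")

# Constructed inputs: a benign tenant value and one that smuggles a directive.
BENIGN = "https://auth.internal:8443/verify?strict=1"
PAYLOAD = "http://auth.internal;\n    return 200 'injected'"

if __name__ == "__main__":
    print(render_unsafe(PAYLOAD))             # renders two directives: injection succeeded
    print(accepts(BENIGN), accepts(PAYLOAD))  # True False
```

The regex is deliberately narrower than RFC 3986 (it rejects IPv6 literals and userinfo, for instance); for a setting that ends up inside a config file parsed as root, rejecting unusual-but-valid input is the cheaper failure. Escaping the value instead of rejecting it is the weaker choice here, because nginx quoting rules are not the same as the annotation's, and `$` expansion happens after quoting.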

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-13 · CAPEC-146 · CAPEC-176 · CAPEC-203 · CAPEC-270 · CAPEC-271 · CAPEC-579 · CAPEC-69 · CAPEC-76 · CAPEC-77

CVEs mapped to this weakness (44)

page 1 of 3
  • CVE-2025-1097 · High · Mar 25, 2025
    risk 0.65 · cvss 8.8 · epss 0.35

    A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx…

  • CVE-2025-24514 · High · Mar 25, 2025
    risk 0.64 · cvss 8.8 · epss 0.32

    A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and…

  • CVE-2025-1098 · High · Mar 25, 2025
    risk 0.63 · cvss 8.8 · epss 0.83

    A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of…

  • CVE-2026-46399 · Critical · Jun 5, 2026
    risk 0.61 · cvss n/a · epss 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code…

  • CVE-2026-30960 · Critical · Mar 10, 2026
    risk 0.61 · cvss n/a · epss 0.00

    rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. The vulnerability exists in the JIT (Just-In-Time) compilation engine, which is fully exposed via the…

  • CVE-2026-6973 · High · KEV · May 7, 2026
    risk 0.59 · cvss 7.2 · epss 0.34

    An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.

  • CVE-2026-45087 · Critical · May 27, 2026
    risk 0.58 · cvss 10.0 · epss 0.01

    Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key.…

  • CVE-2026-1784 · High · Jun 2, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document were insufficient and could allow a controlled injection of the HAProxy…

  • CVE-2025-0425 · High · Feb 18, 2025
    risk 0.55 · cvss n/a · epss 0.00

    Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions ("nt…

  • CVE-2026-33092 · High · Apr 10, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902.

  • CVE-2026-41489 · High · May 11, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd (pihole-FTL-prestart.sh and pihole-FTL-poststop.sh) read the files.pid…

  • CVE-2026-41294 · High · Apr 21, 2026
    risk 0.49 · cvss 8.6 · epss 0.00

    OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime configuration and…

  • CVE-2026-27203 · High · Feb 21, 2026
    risk 0.47 · cvss 8.3 · epss 0.00

    eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebay_set_user_tokens tool allows updating the .env…

  • CVE-2025-64726 · High · Nov 13, 2025
    risk 0.47 · cvss n/a · epss 0.00

    Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions (separate from installers) prior to 0.15.5 are vulnerable to arbitrary code execution when run in…

  • CVE-2024-11166 · High · Jan 22, 2025
    risk 0.46 · cvss n/a · epss 0.00

    For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control (SLC) to the lowest setting and disable the Resolution…

  • CVE-2026-41396 · High · Apr 28, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin…

  • CVE-2026-41384 · High · Apr 28, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace configs to inject arbitrary…

  • CVE-2026-41336 · High · Apr 23, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspaces to execute arbitrary code.

  • CVE-2025-41452 · Medium · Aug 22, 2025
    risk 0.44 · cvss n/a · epss 0.00

    Post-authenticated external control of system web interface configuration setting vulnerability in Danfoss AK-SM8xxA Series prior to 4.3.1, which could allow for a denial of service attack induced by improper handling of exceptional conditions

  • CVE-2019-25716 · Medium · Jun 1, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient…
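A second shape of this weakness recurs in the OpenClaw and eBay API MCP Server entries above: the setting is not injected into a file but overridden through a less-trusted configuration source that is consulted first. dotenv-style loaders do not override a variable that is already set, so whichever layer loads first wins; loading a repository's `.env` before the operator's state-dir config hands control of code-loading settings to whoever commits to the repository. The following added example (not OpenClaw or eBay MCP code; parser, key names, file contents and allow-list are all constructed) shows the vulnerable order beside a hardened resolver that loads the trusted layer first and lets the workspace set only allow-listed keys.

```python
from typing import Dict, Iterable, List, Tuple

# Added example of the precedence failure described in the OpenClaw and eBay MCP
# entries on this page. Parser, key names, file contents and allow-list are
# constructed for illustration and are not taken from either project.

def parse_dotenv(text: str) -> Dict[str, str]:
    """Minimal KEY=VALUE parser: skips blank and comment lines and strips one layer
    of matching quotes. Enough for the demonstration, not a full dotenv."""
    out: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        out[key] = value
    return out

def merge_first_wins(layers: Iterable[Dict[str, str]]) -> Dict[str, str]:
    """dotenv semantics: a key that is already present is left alone, so the
    layer loaded first wins on any overlap."""
    env: Dict[str, str] = {}
    for layer in layers:
        for key, value in layer.items():
            env.setdefault(key, value)
    return env

# Settings a workspace may legitimately tune. Anything that decides *what code runs*
# (plugin or hook directories, interpreter paths) is deliberately absent.
WORKSPACE_ALLOWED = frozenset({"LOG_LEVEL", "COLOR"})

def resolve_unsafe(workspace_env: str, trusted_env: str) -> Dict[str, str]:
    """Vulnerable order: cwd .env is loaded first, trusted state-dir config second,
    so the untrusted file decides every key it names."""
    return merge_first_wins([parse_dotenv(workspace_env), parse_dotenv(trusted_env)])

def resolve_safe(workspace_env: str, trusted_env: str) -> Tuple[Dict[str, str], List[str]]:
    """Hardened: trusted layer first, workspace layer filtered to the allow-list.
    Returns the merged settings plus the workspace keys that were dropped, so the
    caller can log the attempted override instead of silently accepting it."""
    trusted = parse_dotenv(trusted_env)
    workspace = parse_dotenv(workspace_env)
    rejected = sorted(k for k in workspace if k not in WORKSPACE_ALLOWED)
    allowed = {k: v for k, v in workspace.items() if k in WORKSPACE_ALLOWED}
    return merge_first_wins([trusted, allowed]), rejected

# Constructed file contents.
TRUSTED_ENV = """# operator-managed state directory
PLUGINS_DIR=/var/lib/app/plugins
LOG_LEVEL=info
"""
WORKSPACE_ENV = """# .env committed to a cloned repository by an attacker
PLUGINS_DIR="/tmp/checkout/.plugins"
LOG_LEVEL=debug
COLOR=always
"""

if __name__ == "__main__":
    print(resolve_unsafe(WORKSPACE_ENV, TRUSTED_ENV)["PLUGINS_DIR"])  # /tmp/checkout/.plugins
    env, rejected = resolve_safe(WORKSPACE_ENV, TRUSTED_ENV)
    print(env["PLUGINS_DIR"], rejected)  # /var/lib/app/plugins ['PLUGINS_DIR']
```

Reordering the layers alone is not enough: with trusted-first loading the workspace still sets any key the operator left unset, which is why the allow-list is the actual control and the order is only defence in depth. Returning the rejected keys matters operationally; a repository that tries to set a plugin directory is a detection signal, not just a failed override.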