VYPR

CWE-420

Unprotected Alternate Channel

Abstraction: Base | Status: Draft

Description

The product protects a primary channel, but it does not use the same level of protection for an alternate channel.
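The classic shape of this weakness in a web application is a file manager that validates uploads but not renames, so a file that was refused on upload can be created by uploading a harmless name and renaming it afterwards. The code below is an added illustration written for this page, not code from any product listed here; the file manager, the `BLOCKED_EXTENSIONS` policy and the in-memory "web root" are all constructed assumptions. It puts the weak version next to a hardened one whose single `_allowed_name` policy is enforced on every channel that can produce a file name.

```python
import posixpath

# Extensions the upload path refuses. Constructed policy for this example only.
BLOCKED_EXTENSIONS = {".php", ".phtml", ".phar", ".php5"}


def _extension(name: str) -> str:
    # Lower-case the suffix so "shell.PHP" does not slip past the deny list.
    return posixpath.splitext(name)[1].lower()


class VulnerableFileManager:
    """Upload is the protected primary channel; rename is the unprotected alternate."""

    def __init__(self):
        self.files = {}  # name -> bytes, an in-memory stand-in for the web root

    def upload(self, name: str, data: bytes) -> bool:
        if _extension(name) in BLOCKED_EXTENSIONS:
            return False
        self.files[name] = data
        return True

    def rename(self, old: str, new: str) -> bool:
        # No extension policy here: an accepted .txt upload can become .php.
        if old not in self.files:
            return False
        self.files[new] = self.files.pop(old)
        return True


class HardenedFileManager(VulnerableFileManager):
    """Every operation that chooses a file name goes through one policy check."""

    @staticmethod
    def _allowed_name(name: str) -> bool:
        # One rule for all channels: plain basename, no traversal, no blocked suffix.
        if name != posixpath.basename(name) or name in ("", ".", ".."):
            return False
        return _extension(name) not in BLOCKED_EXTENSIONS

    def upload(self, name: str, data: bytes) -> bool:
        if not self._allowed_name(name):
            return False
        self.files[name] = data
        return True

    def rename(self, old: str, new: str) -> bool:
        if old not in self.files or not self._allowed_name(new):
            return False
        self.files[new] = self.files.pop(old)
        return True


def php_file_reachable(manager_cls) -> bool:
    """Upload a .txt, rename it to .php; report whether shell.php now exists."""
    fm = manager_cls()
    fm.upload("shell.txt", b"<?php system($_GET['c']); ?>")  # constructed sample
    fm.rename("shell.txt", "shell.php")
    return "shell.php" in fm.files


if __name__ == "__main__":
    print("vulnerable:", php_file_reachable(VulnerableFileManager))  # True
    print("hardened:  ", php_file_reachable(HardenedFileManager))    # False
```

The fix is not "add the same `if` to `rename`" but moving the policy into one function that every name-producing path calls; a later copy, move or archive-extract feature then inherits the check instead of becoming the next unprotected channel. When auditing for this CWE, enumerate every operation that can reach the protected resource (rename, move, copy, API endpoint, alternate transport) and confirm each one invokes the same control as the primary path.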

Hierarchy (View 1000)

CVEs mapped to this weakness (23)

page 1 of 2
  • CVE-2025-52921 | Critical | Jun 23, 2025
    risk 0.64 | cvss 9.9 | epss 0.00

    In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server, by uploading a crafted file and then renaming it to have a .php extension by using the Rename Function. This bypasses the…

  • CVE-2026-40217 | High | Apr 10, 2026
    risk 0.57 | cvss 8.8 | epss 0.01

    LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.

  • CVE-2025-8557 | High | Sep 11, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below vulnerability: An attacker with access to a device on the local Lenovo XClarity Orchestrator (LXCO) network segment may be able to manipulate the local device to create an alternate…

  • CVE-2025-41727 | High | Jan 27, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.

  • CVE-2025-59033 | High | Sep 8, 2025
    risk 0.48 | cvss 7.4 | epss 0.00

    The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. Entries that specify only the to-be-signed (TBS) part of the code signer certificate are properly blocked, but entries that specify the signing certificate's TBS hash…

  • CVE-2024-6242 | High | Aug 1, 2024
    risk 0.47 | cvss - | epss 0.09

    A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted® Slot feature in a ControlLogix® controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that…

  • CVE-2025-53967 | High | Oct 8, 2025
    risk 0.46 | cvss 8.0 | epss 0.07

    Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to…

  • CVE-2026-43505 | Medium | May 1, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access control in the activation scenario, relaying of unauthenticated traffic can occur.

  • CVE-2026-40435 | Medium | May 13, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2025-66432 | Medium | Nov 30, 2025
    risk 0.33 | cvss 5.0 | epss 0.00

    In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date.

  • CVE-2022-28693 | Medium | Feb 14, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

  • CVE-2026-25916 | Medium | Feb 9, 2026
    risk 0.28 | cvss 4.3 | epss 0.01

    Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage.

  • CVE-2024-4444 | Medium | May 14, 2024
    risk 0.28 | cvss 5.3 | epss 0.01

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated…

  • CVE-2024-6099 | Medium | Jul 2, 2024
    risk 0.27 | cvss 5.3 | epss 0.00

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'check_validate_fields' function in the checkout. This makes it possible…

  • CVE-2025-62820 | Medium | Oct 23, 2025
    risk 0.25 | cvss 4.9 | epss 0.00

    Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network.

  • CVE-2025-56558 | Low | Oct 29, 2025
    risk 0.20 | cvss 3.0 | epss 0.00

    The Dyson MQTT server (2022 and possibly later) allows publications and subscriptions by a client that has the correct values of AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, and device serial number, even if a device (such as a Pure Hot+Cool device) has been…

  • CVE-2025-52968 | Low | Jun 23, 2025
    risk 0.18 | cvss 2.7 | epss 0.00

    xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange…

  • CVE-2026-35388 | Low | Apr 2, 2026
    risk 0.16 | cvss 2.5 | epss 0.00

    OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

  • CVE-2020-8558 | Jul 27, 2020
    risk 0.02 | cvss - | epss 0.04

    The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a…

  • CVE-2025-67303 | Jan 5, 2026
    risk 0.00 | cvss - | epss 0.01

    An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface.