CWE-420
Unprotected Alternate Channel
Description
The product protects a primary channel, but it does not use the same level of protection for an alternate channel.
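A worked illustration of the weakness, added here as an example and not taken from any product listed on this page: a file manager whose upload handler enforces an extension policy while its rename handler does not (the pattern described for CVE-2025-52921 below), beside a hardened version that routes both channels through the same policy function. All names (is_allowed_name, WeakFileManager, HardenedFileManager, attack, audit_channels), the extension list and the payload are hypothetical and constructed for the example.

```python
"""Added example, not code from any product on this page.

The protected outcome is "a file with a server-executable extension
exists in the web root".  The upload handler (primary channel) checks
the extension; the weak rename handler (alternate channel) does not,
so 'shell.txt' can be uploaded and then renamed to 'shell.php'.
"""
from __future__ import annotations

import posixpath

# Constructed policy for the example: extensions a typical PHP web host would execute.
EXECUTABLE_EXTENSIONS = {".php", ".phtml", ".phar", ".php5", ".cgi"}


def is_allowed_name(name: str) -> bool:
    """The one policy every channel must apply: no path separators,
    no NUL bytes, no executable extension (case-insensitive)."""
    if not name or "\x00" in name or "/" in name or "\\" in name:
        return False
    if name in (".", ".."):
        return False
    ext = posixpath.splitext(name)[1].lower()
    return ext not in EXECUTABLE_EXTENSIONS


class WeakFileManager:
    """Primary channel (upload) is checked; alternate channel (rename) is not."""

    def __init__(self) -> None:
        self.files: dict[str, bytes] = {}  # stands in for the web-root directory

    def upload(self, name: str, data: bytes) -> None:
        if not is_allowed_name(name):
            raise PermissionError(f"upload rejected: {name!r}")
        self.files[name] = data

    def rename(self, old: str, new: str) -> None:
        # CWE-420: the new name is never run through is_allowed_name().
        self.files[new] = self.files.pop(old)


class HardenedFileManager(WeakFileManager):
    """Every channel that chooses a name applies the same policy."""

    def rename(self, old: str, new: str) -> None:
        if not is_allowed_name(new):
            raise PermissionError(f"rename rejected: {new!r}")
        super().rename(old, new)


def executable_files(manager: WeakFileManager) -> list[str]:
    """Names in the web root that the server would execute."""
    return sorted(n for n in manager.files
                  if posixpath.splitext(n)[1].lower() in EXECUTABLE_EXTENSIONS)


def attack(manager_cls: type) -> list[str]:
    """Upload under a benign-looking name, then rename through the alternate channel."""
    m = manager_cls()
    m.upload("shell.txt", b"<?php system($_GET['c']); ?>")  # constructed payload
    try:
        m.rename("shell.txt", "shell.php")
    except PermissionError:
        pass
    return executable_files(m)


def audit_channels(manager_cls: type, bad_name: str = "shell.php") -> list[str]:
    """Drive every name-accepting channel with the same forbidden name and
    return the channels that accept it: those are the unprotected ones."""
    unprotected = []
    m = manager_cls()
    try:
        m.upload(bad_name, b"x")
        unprotected.append("upload")
    except PermissionError:
        pass
    m = manager_cls()
    m.upload("benign.txt", b"x")
    try:
        m.rename("benign.txt", bad_name)
        unprotected.append("rename")
    except PermissionError:
        pass
    return unprotected


if __name__ == "__main__":
    print("weak:     executable files after attack =", attack(WeakFileManager))
    print("hardened: executable files after attack =", attack(HardenedFileManager))
    print("weak:     unprotected channels =", audit_channels(WeakFileManager))
    print("hardened: unprotected channels =", audit_channels(HardenedFileManager))
```

The audit_channels helper is the check a reviewer wants for this CWE: enumerate every operation that can reach the protected outcome (upload, rename, copy, move, restore from backup, import, and so on) and feed each the same input the primary channel rejects. Any operation that accepts it without raising is an unprotected alternate channel, regardless of how strict the primary check looks.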
Hierarchy (View 1000)
CVEs mapped to this weakness (23)
Page 1 of 2 (20 of 23 shown)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-52921 | — | Critical | 0.64 | 9.9 | 0.00 | | Jun 23, 2025 | In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server, by uploading a crafted file and then renaming it to have a .php extension by using the Rename Function. This bypasses the… |
| CVE-2026-40217 | — | High | 0.57 | 8.8 | 0.01 | | Apr 10, 2026 | LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI. |
| CVE-2025-8557 | — | High | 0.57 | 8.8 | 0.00 | | Sep 11, 2025 | An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below vulnerability: An attacker with access to a device on the local Lenovo XClarity Orchestrator (LXCO) network segment may be able to manipulate the local device to create an alternate… |
| CVE-2025-41727 | — | High | 0.51 | 7.8 | 0.00 | | Jan 27, 2026 | A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access. |
| CVE-2025-59033 | — | High | 0.48 | 7.4 | 0.00 | | Sep 8, 2025 | The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. Entries that specify only the to-be-signed (TBS) part of the code signer certificate are properly blocked, but entries that specify the signing certificate's TBS hash… |
| CVE-2024-6242 | — | High | 0.47 | — | 0.09 | | Aug 1, 2024 | A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted® Slot feature in a ControlLogix® controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that… |
| CVE-2025-53967 | — | High | 0.46 | 8.0 | 0.07 | | Oct 8, 2025 | Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to… |
| CVE-2026-43505 | — | Medium | 0.42 | 6.5 | 0.00 | | May 1, 2026 | An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access control in the activation scenario, relaying of unauthenticated traffic can occur. |
| CVE-2026-40435 | — | Medium | 0.34 | 5.3 | 0.00 | | May 13, 2026 | When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2025-66432 | — | Medium | 0.33 | 5.0 | 0.00 | | Nov 30, 2025 | In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date. |
| CVE-2022-28693 | — | Medium | 0.31 | 4.7 | 0.00 | | Feb 14, 2025 | Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. |
| CVE-2026-25916 | — | Medium | 0.28 | 4.3 | 0.01 | | Feb 9, 2026 | Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage. |
| CVE-2024-4444 | — | Medium | 0.28 | 5.3 | 0.01 | | May 14, 2024 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated… |
| CVE-2024-6099 | — | Medium | 0.27 | 5.3 | 0.00 | | Jul 2, 2024 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'check_validate_fields' function in the checkout. This makes it possible… |
| CVE-2025-62820 | — | Medium | 0.25 | 4.9 | 0.00 | | Oct 23, 2025 | Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network. |
| CVE-2025-56558 | — | Low | 0.20 | 3.0 | 0.00 | | Oct 29, 2025 | The Dyson MQTT server (2022 and possibly later) allows publications and subscriptions by a client that has the correct values of AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, and device serial number, even if a device (such as a Pure Hot+Cool device) has been… |
| CVE-2025-52968 | — | Low | 0.18 | 2.7 | 0.00 | | Jun 23, 2025 | xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange… |
| CVE-2026-35388 | — | Low | 0.16 | 2.5 | 0.00 | | Apr 2, 2026 | OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. |
| CVE-2020-8558 | — | — | 0.02 | — | 0.04 | | Jul 27, 2020 | The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a… |
| CVE-2025-67303 | — | — | 0.00 | — | 0.01 | | Jan 5, 2026 | An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface. |