CWE-501
Trust Boundary Violation
Description
The product mixes trusted and untrusted data in the same data structure or structured message.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33828 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-14542 | Hig | 0.42 | 7.5 | 0.00 | Dec 13, 2025 | The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual (e.g., one defining an HTTP tool call), earning the clients’ trust, a malicious provider can… | ||
| CVE-2024-9779 | Hig | 0.42 | 7.5 | 0.00 | Dec 17, 2024 | A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name "cluster-manager" which is bound to a ClusterRole… | ||
| CVE-2024-20265 | Med | 0.38 | 5.9 | 0.00 | Mar 27, 2024 | A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists… | ||
| CVE-2026-24153 | Med | 0.34 | 5.2 | 0.00 | Mar 31, 2026 | NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disabled. A successful exploit of this vulnerability might lead to information disclosure. | ||
| CVE-2025-1118 | — | Med | 0.29 | 4.4 | 0.00 | Feb 19, 2025 | A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory. | |
| CVE-2026-49458 | 0.00 | — | — | Jun 15, 2026 | # Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks **CWE**: CWE-79 (XSS — Improper Neutralization of Input During Web Page Generation) via CWE-693 (Protection Mechanism Failure — realm-bound `instanceof` checks fail-open… | |||
| CVE-2026-25725 | 0.00 | — | 0.00 | Feb 6, 2026 | Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and… | |||
| CVE-2025-64496 | 0.00 | — | 0.08 | Nov 8, 2025 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in… | |||
| CVE-2025-48938 | — | 0.00 | — | 0.00 | May 30, 2025 | go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by… | ||
| CVE-2024-1725 | 0.00 | — | 0.01 | Mar 7, 2024 | A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker… | |||
| CVE-2024-23682 | — | 0.00 | — | 0.00 | Jan 19, 2024 | Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. | ||
| CVE-2020-15096 | 0.00 | — | 0.01 | Jul 7, 2020 | In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation"… | |||
| CVE-2020-4076 | 0.00 | — | 0.00 | Jul 7, 2020 | In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is… | |||
| CVE-2020-4077 | 0.00 | — | 0.01 | Jul 7, 2020 | In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and… |
- risk 0.51cvss 7.8epss 0.00
Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.
- risk 0.42cvss 7.5epss 0.00
The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual (e.g., one defining an HTTP tool call), earning the clients’ trust, a malicious provider can…
- risk 0.42cvss 7.5epss 0.00
A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name "cluster-manager" which is bound to a ClusterRole…
- risk 0.38cvss 5.9epss 0.00
A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists…
- risk 0.34cvss 5.2epss 0.00
NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disabled. A successful exploit of this vulnerability might lead to information disclosure.
- risk 0.29cvss 4.4epss 0.00
A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory.
- CVE-2026-49458Jun 15, 2026risk 0.00cvss —epss —
# Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks **CWE**: CWE-79 (XSS — Improper Neutralization of Input During Web Page Generation) via CWE-693 (Protection Mechanism Failure — realm-bound `instanceof` checks fail-open…
- CVE-2026-25725Feb 6, 2026risk 0.00cvss —epss 0.00
Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and…
- CVE-2025-64496Nov 8, 2025risk 0.00cvss —epss 0.08
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in…
- CVE-2025-48938May 30, 2025risk 0.00cvss —epss 0.00
go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by…
- CVE-2024-1725Mar 7, 2024risk 0.00cvss —epss 0.01
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker…
- CVE-2024-23682Jan 19, 2024risk 0.00cvss —epss 0.00
Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
- CVE-2020-15096Jul 7, 2020risk 0.00cvss —epss 0.01
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation"…
- CVE-2020-4076Jul 7, 2020risk 0.00cvss —epss 0.00
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is…
- CVE-2020-4077Jul 7, 2020risk 0.00cvss —epss 0.01
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and…