CWE-668
Exposure of Resource to Wrong Sphere
Description
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Hierarchy (View 1000)
CVEs mapped to this weakness (268)
page 3 of 14| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11382 | Hig | 0.49 | 7.5 | 0.02 | Aug 3, 2017 | Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350. | ||
| CVE-2017-6100 | Hig | 0.49 | 7.5 | 0.01 | Feb 23, 2017 | tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. | ||
| CVE-2023-6096 | Hig | 0.48 | 7.4 | 0.00 | Apr 26, 2024 | Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for… | ||
| CVE-2026-34780 | Hig | 0.47 | 8.3 | 0.00 | Apr 4, 2026 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before 41.0.0-beta.8, apps that pass VideoFrame objects (from the… | ||
| CVE-2024-24985 | Hig | 0.47 | 7.2 | 0.00 | Nov 13, 2024 | Exposure of resource to wrong sphere in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access. | ||
| CVE-2017-12576 | Hig | 0.47 | 7.2 | 0.02 | Aug 24, 2018 | An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page… | ||
| CVE-2017-16660 | Hig | 0.47 | 7.2 | 0.04 | Nov 8, 2017 | Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header. | ||
| CVE-2025-54502 | Hig | 0.46 | — | 0.00 | Apr 16, 2026 | Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution. | ||
| CVE-2025-38670 | Hig | 0.46 | 7.1 | 0.00 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() `cpu_switch_to()` and `call_on_irq_stack()` manipulate SP to change to different stacks along with the Shadow Call Stack if it is enabled. Those… | ||
| CVE-2024-13484 | Hig | 0.46 | 8.2 | 0.00 | Jan 28, 2025 | A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform… | ||
| CVE-2025-15653 | Med | 0.44 | 6.8 | 0.00 | Jun 2, 2026 | Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the… | ||
| CVE-2025-12351 | Med | 0.44 | 6.8 | 0.00 | Oct 27, 2025 | Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most… | ||
| CVE-2025-22069 | Hig | 0.44 | 7.8 | 0.00 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: riscv: fgraph: Fix stack layout to match __arch_ftrace_regs argument of ftrace_return_to_handler Naresh Kamboju reported a "Bad frame pointer" kernel warning while running LTP trace ftrace_stress_test.sh in… | ||
| CVE-2023-2916 | Hig | 0.44 | 7.5 | 0.21 | Aug 15, 2023 | The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data… | ||
| CVE-2017-12342 | Med | 0.44 | 6.8 | 0.00 | Nov 30, 2017 | A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The vulnerability is due to insufficient internal security measures in the OAC feature.… | ||
| CVE-2017-5634 | Med | 0.43 | 6.6 | 0.00 | Feb 9, 2017 | The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a… | ||
| CVE-2026-44000 | Med | 0.42 | 6.5 | 0.00 | May 13, 2026 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value… | ||
| CVE-2026-30912 | Hig | 0.42 | 7.5 | 0.00 | Apr 18, 2026 | In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue. | ||
| CVE-2017-16605 | Med | 0.42 | 6.5 | 0.02 | Jan 23, 2018 | This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.… | ||
| CVE-2017-16604 | Med | 0.42 | 6.5 | 0.02 | Jan 23, 2018 | This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.… |
- risk 0.49cvss 7.5epss 0.02
Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350.
- risk 0.49cvss 7.5epss 0.01
tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.
- risk 0.48cvss 7.4epss 0.00
Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for…
- risk 0.47cvss 8.3epss 0.00
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before 41.0.0-beta.8, apps that pass VideoFrame objects (from the…
- risk 0.47cvss 7.2epss 0.00
Exposure of resource to wrong sphere in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access.
- risk 0.47cvss 7.2epss 0.02
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page…
- risk 0.47cvss 7.2epss 0.04
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
- risk 0.46cvss —epss 0.00
Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() `cpu_switch_to()` and `call_on_irq_stack()` manipulate SP to change to different stacks along with the Shadow Call Stack if it is enabled. Those…
- risk 0.46cvss 8.2epss 0.00
A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform…
- risk 0.44cvss 6.8epss 0.00
Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the…
- risk 0.44cvss 6.8epss 0.00
Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: riscv: fgraph: Fix stack layout to match __arch_ftrace_regs argument of ftrace_return_to_handler Naresh Kamboju reported a "Bad frame pointer" kernel warning while running LTP trace ftrace_stress_test.sh in…
- risk 0.44cvss 7.5epss 0.21
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data…
- risk 0.44cvss 6.8epss 0.00
A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The vulnerability is due to insufficient internal security measures in the OAC feature.…
- risk 0.43cvss 6.6epss 0.00
The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a…
- risk 0.42cvss 6.5epss 0.00
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value…
- risk 0.42cvss 7.5epss 0.00
In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.
- risk 0.42cvss 6.5epss 0.02
This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.…
- risk 0.42cvss 6.5epss 0.02
This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.…