VYPR

CWE-668

Exposure of Resource to Wrong Sphere

Abstraction: Class, Status: Draft

Description

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Hierarchy (View 1000)

CVEs mapped to this weakness (268)

page 5 of 14
  • CVE-2026-41368 | Med | Apr 28, 2026
    risk 0.35, cvss 6.5, epss 0.00

    OpenClaw before 2026.3.28 contains an environment variable disclosure vulnerability in the jq safe-bin policy that fails to block the $ENV filter. Attackers can bypass safe-bin restrictions by using $ENV in jq programs to access sensitive environment variables that should be…

  • CVE-2026-35658 | Med | Apr 10, 2026
    risk 0.35, cvss 6.5, epss 0.00

    OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject.

  • CVE-2026-34538 | Med | Apr 9, 2026
    risk 0.35, cvss 6.5, epss 0.01

    Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role. This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with…

  • CVE-2025-49574 | Med | Jun 23, 2025
    risk 0.35, cvss 6.4, epss 0.00

    Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. In versions prior to 3.24.1, 3.20.2, and 3.15.6, there is a potential data leak when duplicating a duplicated context. Quarkus extensively uses the Vert.x duplicated context to implement…

  • CVE-2023-7014 | Med | Feb 5, 2024
    risk 0.35, cvss 5.3, epss 0.01

    The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract…

  • CVE-2021-22897 | Med | Jun 11, 2021
    risk 0.35, cvss 5.3, epss 0.03

    curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library,…

  • CVE-2018-7479 | Med | Feb 26, 2018
    risk 0.35, cvss 5.3, epss 0.02

    YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php.

  • CVE-2018-6880 | Med | Feb 12, 2018
    risk 0.35, cvss 5.3, epss 0.02

    EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php.

  • CVE-2017-12363 | Med | Nov 30, 2017
    risk 0.35, cvss 5.3, epss 0.02

    A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerability by…

  • CVE-2017-7490 | Med | May 15, 2017
    risk 0.35, cvss 5.3, epss 0.01

    In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.

  • CVE-2016-5334 | Med | Dec 29, 2016
    risk 0.35, cvss 5.3, epss 0.02

    VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.

  • CVE-2025-6788 | Med | Jul 11, 2025
    risk 0.34, cvss n/a, epss 0.00

    A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML diagrams.

  • CVE-2023-23448 | Med | May 15, 2023
    risk 0.34, cvss 5.3, epss 0.01

    Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames via analysis of source code.

  • CVE-2026-34765 | Med | Apr 7, 2026
    risk 0.32, cvss 6.0, epss 0.00

    Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, when a renderer calls window.open() with a target name, Electron did not correctly scope the named-window lookup to the…

  • CVE-2026-42424 | Med | Apr 28, 2026
    risk 0.30, cvss 5.7, epss 0.00

    OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as…

  • CVE-2026-2297 | Med | Mar 4, 2026
    risk 0.30, cvss n/a, epss 0.00

    The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.

  • CVE-2017-8171 | Med | Nov 22, 2017
    risk 0.30, cvss 4.6, epss 0.00

    Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can log in to the Talkback mode and…

  • CVE-2017-8161 | Med | Nov 22, 2017
    risk 0.30, cvss 4.6, epss 0.00

    EVA-L09 smartphones with software earlier than EVA-L09C25B150CUSTC25D003 versions, earlier than EVA-L09C440B140 versions, earlier than EVA-L09C464B361 versions, earlier than EVA-L09C675B320CUSTC675D004 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When…

  • CVE-2026-42875 | Med | May 11, 2026
    risk 0.27, cvss n/a, epss 0.00

    External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when…

  • CVE-2026-48096 | Med | Jun 10, 2026
    risk 0.26, cvss 5.0, epss 0.00

    OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. This issue has…