VYPR

CWE-668

Exposure of Resource to Wrong Sphere

Abstraction: Class, Status: Draft

Description

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Hierarchy (View 1000)

CVEs mapped to this weakness (268), page 6 of 14
  • CVE-2024-35183 | Med | May 15, 2024
    risk 0.22 | cvss 4.4 | epss 0.00

    wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user's GitHub token to be sent to remote servers other than `github.com`. Most git-dependent functionality in wolfictl relies on its own `git`…

  • CVE-2026-53826 | Med | Jun 12, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or…

  • CVE-2026-46430 | Med | May 26, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort("", ":5553")…

  • CVE-2026-41362 | Med | Apr 28, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attackers controlling one authenticated Zalo webhook path in multi-account deployments…

  • CVE-2026-34094 | Low | May 11, 2026
    risk 0.18 | cvss 3.8 | epss 0.00

    Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.

  • CVE-2026-32690 | Low | Apr 18, 2026
    risk 0.17 | cvss 3.7 | epss 0.00

    Secrets in Variables saved as JSON dictionaries were not properly redacted: in case these variables were retrieved by the user, the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise…

  • CVE-2026-6830 | Low | Apr 21, 2026
    risk 0.14 | cvss 3.3 | epss 0.00

    nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access…

  • CVE-2017-8418 | Low | May 2, 2017
    risk 0.14 | cvss 3.3 | epss 0.00

    RuboCop 0.48.1 and earlier does not use /tmp in a safe way, allowing local users to exploit this to tamper with cache files belonging to other users.

  • CVE-2024-42350 | Low | Aug 5, 2024
    risk 0.13 | cvss 3.0 | epss 0.00

    Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a…

  • CVE-2021-36749 | Sep 24, 2021
    risk 0.08 | cvss not listed | epss 0.81

    In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server…

  • CVE-2024-51755 | Low | Nov 6, 2024
    risk 0.07 | cvss 2.2 | epss 0.00

    Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the security check. This is a…

  • CVE-2024-51754 | Low | Nov 6, 2024
    risk 0.07 | cvss 2.2 | epss 0.00

    Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance).…

  • CVE-2023-33510 | Jun 7, 2023
    risk 0.06 | cvss not listed | epss 0.04

    Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.

  • CVE-2022-32430 | Jul 21, 2022
    risk 0.06 | cvss not listed | epss 0.04

    An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application.

  • CVE-2022-25481 | Mar 20, 2022
    risk 0.01 | cvss not listed | epss 0.05

    ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the…

  • CVE-2018-8040 | Med | Aug 29, 2018
    risk 0.01 | cvss 5.3 | epss 0.09

    Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to…

  • CVE-2011-1960 | Aug 10, 2011
    risk 0.01 | cvss not listed | epss 0.18

    Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability."

  • CVE-2011-1258 | Jun 16, 2011
    risk 0.01 | cvss not listed | epss 0.15

    Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information…

  • CVE-2026-56078 | Jun 18, 2026
    risk 0.00 | cvss not listed | epss 0.01

    PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive…

  • CVE-2026-28779 | Mar 17, 2026
    risk 0.00 | cvss not listed | epss 0.01

    In Apache Airflow versions 3.1.0 through 3.1.7, the session token (_token) in cookies is set to path=/ regardless of the configured [webserver] base_url or [api] base_url. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP…