VYPR

CWE-669

Incorrect Resource Transfer Between Spheres

Abstraction: Class | Status: Draft

Description

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.
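The "import from another sphere" direction of this weakness is the one several entries below share (a downloader or file handler lets a remote party choose what lands on the local filesystem). The following is an added illustration written for this page, not code from yt-dlp, youtube-dl or any other project listed here; the function names, the extension allowlist and the sample URLs are assumptions. The vulnerable form trusts the remote-supplied name outright, so the remote sphere gets control over the path and type of the file that is written; the hardened form strips directory components, enforces an extension allowlist on the final extension and confirms the resolved path stays inside the download directory.

```python
import os
import posixpath
from typing import Optional
from urllib.parse import urlsplit, unquote

# Hypothetical allowlist of media/subtitle/thumbnail extensions the local
# side is willing to create. Anything the desktop or shell would execute
# (exe, sh, desktop, ...) is deliberately absent.
ALLOWED_EXTENSIONS = {"mp4", "mkv", "webm", "m4a", "mp3", "opus",
                      "vtt", "srt", "jpg", "png", "webp"}


def filename_from_remote(url: str, content_disposition: Optional[str] = None) -> str:
    """Name suggested by the remote side: Content-Disposition filename if
    present, else the last URL path segment. Both are attacker-controlled
    once the remote host is, so this value is untrusted input."""
    if content_disposition:
        for part in content_disposition.split(";"):
            part = part.strip()
            if part.lower().startswith("filename="):
                return unquote(part[len("filename="):].strip('"'))
    return unquote(posixpath.basename(urlsplit(url).path))


def unsafe_download_path(download_dir: str, url: str,
                         content_disposition: Optional[str] = None) -> str:
    """Vulnerable pattern: the remote name is joined as-is. '../' segments
    leave download_dir and the extension is whatever the remote chose."""
    return os.path.join(download_dir, filename_from_remote(url, content_disposition))


def safe_download_path(download_dir: str, url: str,
                       content_disposition: Optional[str] = None,
                       allowed=ALLOWED_EXTENSIONS) -> str:
    """Hardened pattern. Raises ValueError instead of writing a file the
    local sphere did not intend to create."""
    name = filename_from_remote(url, content_disposition)
    # 1. Keep only the last path component; both separator styles count.
    name = name.replace("\\", "/").split("/")[-1]
    # 2. Reject empty or dot-only names and control characters.
    if name in ("", ".", "..") or any(ord(c) < 32 for c in name):
        raise ValueError(f"rejected filename: {name!r}")
    # 3. Allowlist the final extension, which is the one the OS acts on
    #    (so 'clip.mp4.exe' is rejected; a hidden '.bashrc' has no stem).
    stem, _, ext = name.rpartition(".")
    if not stem or ext.lower() not in allowed:
        raise ValueError(f"rejected extension: {name!r}")
    # 4. Belt and braces: the resolved path must remain under download_dir.
    base = os.path.realpath(download_dir)
    full = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, full]) != base:
        raise ValueError(f"path escapes download dir: {full!r}")
    return full


def accepts(download_dir: str, url: str,
            content_disposition: Optional[str] = None) -> bool:
    """True if the hardened function would write this file at all."""
    try:
        safe_download_path(download_dir, url, content_disposition)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: a remote that tries to plant a dotfile.
    hostile = 'attachment; filename="../../.bashrc"'
    print("unsafe:", unsafe_download_path("/tmp/dl", "https://cdn.example/v.mp4", hostile))
    print("safe accepts hostile name:", accepts("/tmp/dl", "https://cdn.example/v.mp4", hostile))
    print("safe:", safe_download_path("/tmp/dl", "https://cdn.example/a/..%2F..%2Fclip.mp4"))
```

The realpath/commonpath check is redundant with step 1 for a plain name but catches the case where `download_dir` itself is a symlink the remote can influence, and it keeps the function safe if someone later relaxes step 1.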

CVEs mapped to this weakness (54)

page 1 of 3
  • CVE-2016-5062 | Critical | Sep 29, 2016
    risk 0.64 | cvss 9.8 | epss 0.04

    The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.

  • CVE-2026-31431 | High | KEV | Apr 22, 2026
    risk 0.59 | cvss 7.8 | epss 0.97

    In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the…

  • CVE-2025-41645 | High | May 13, 2025
    risk 0.56 | cvss 8.6 | epss 0.00

    An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake.

  • CVE-2025-34158 | High | Aug 21, 2025
    risk 0.55 | cvss 8.5 | epss 0.01

    Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner (and a /api/resources call reveals other servers accessible by that server owner).

  • CVE-2025-62775 | High | Oct 22, 2025
    risk 0.52 | cvss 8.0 | epss 0.00

    Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password.

  • CVE-2026-42997 | High | May 5, 2026
    risk 0.50 | cvss 7.7 | epss 0.00

    An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic…

  • CVE-2025-59363 | High | Sep 14, 2025
    risk 0.50 | cvss 7.7 | epss 0.00

    In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 (even though this secret should only be returned when an App is first created),

  • CVE-2026-12068 | High | Jun 12, 2026
    risk 0.48 | cvss 7.4 | epss 0.00

    Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira…

  • CVE-2026-48831 | High | May 24, 2026
    risk 0.47 | cvss (not listed) | epss 0.00

    Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping…

  • CVE-2026-24708 | High | Feb 18, 2026
    risk 0.46 | cvss 8.2 | epss 0.00

    An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format…

  • CVE-2024-38519 | High | Jul 2, 2024
    risk 0.44 | cvss 7.8 | epss 0.00

    `yt-dlp` and `youtube-dl` are command-line audio/video downloaders. Prior to the fixed versions, `yt-dlp` and `youtube-dl` do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on…

  • CVE-2025-59378 | Medium | Sep 15, 2025
    risk 0.37 | cvss 5.7 | epss 0.00

    In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended).

  • CVE-2017-14013 | Medium | Oct 17, 2017
    risk 0.36 | cvss 5.6 | epss 0.01

    A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms,…

  • CVE-2026-46448 | Medium | Jun 16, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.

  • CVE-2026-48846 | Medium | May 25, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var() value in an e-mail message, which may lead to information disclosure or access-control bypass.

  • CVE-2026-48845 | Medium | May 25, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message.

  • CVE-2026-41525 | Medium | Apr 28, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file,…

  • CVE-2026-40225 | Medium | Apr 10, 2026
    risk 0.35 | cvss 6.4 | epss 0.00

    In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.

  • CVE-2026-41030 | Medium | Apr 16, 2026
    risk 0.33 | cvss 6.2 | epss 0.00

    In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.

  • CVE-2026-46447 | Medium | Jun 3, 2026
    risk 0.31 | cvss 5.8 | epss 0.00

    OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.