CWE-610
235 CVEs • Abstraction: Class
Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
CVEs (235)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data. This vulnerabili...Show more |
1Citrix 2Netscaler Application Delivery Controller Netscaler GatewayJul 2, 2026 Jun 30, 2026 7.1 HIGH· v4 7.5 HIGH· v3 N/A· v2 Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled |
Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins co...Show more |
A vulnerability was determined in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parse...Show more |
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network. |
1Netgear 35Cbr750 Firmware Ex6120 FirmwareEx6130 Firmware+32 moreJun 18, 2026 Jun 9, 2026 4.3 MEDIUM· v4 4.5 MEDIUM· v3 N/A· v2 Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network
to tamper with the system. |
(Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resourc...Show more |
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFor...Show more |
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan) when running in se...Show more |
1Zoom 1Workplace Virtual Desktop Infrastructure Jun 17, 2026 May 13, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access. |
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. |
1Microsoft 5Sql Server 2016 Sql Server 2017Sql Server 2019+2 moreJun 18, 2026 May 12, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. |
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. |
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network. |
1Tp Link 1Archer Ax53 Firmware Jun 17, 2026 Apr 8, 2026 6.8 MEDIUM· v4 5.7 MEDIUM· v3 N/A· v2 An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful e...Show more |
1Tp Link 1Archer Ax53 Firmware Jun 17, 2026 Apr 8, 2026 6.8 MEDIUM· v4 5.7 MEDIUM· v3 N/A· v2 An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is processed. Successful...Show more |
A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When...Show more |
OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed() function that allows authenticated users with browser-tool access to navigate to file:/...Show more |
1Zoom 2Workplace Desktop Workplace Virtual Desktop InfrastructureJun 17, 2026 Mar 11, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access. |
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. |