← Back
CWE-610

236 CVEs • Abstraction: Class

Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

JSON object

Loading...

CVEs (236)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Acronis
1Cyber Protect Home Office
Jun 17, 2026
Aug 31, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis True Image OEM (Windows) bef...Show more
Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis True Image OEM (Windows) before build 42575.Show less
1Acronis
1Cyber Protect Home Office
Jun 17, 2026
Aug 31, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
Local privilege escalation during recovery due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173.
1Wireguard
1Wireguard
Jun 17, 2026
Aug 9, 2023
N/A· v4
5.7 MEDIUM· v3
N/A· v2
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the vict...Show more
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in the blocking of traffic" rather than to only WireGuard.Show less
1Phoenixcontact
6Wp 6070 Wvps Firmware
Wp 6101 Wxps FirmwareWp 6121 Wxps Firmware+3 more
Jun 17, 2026
Aug 9, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embed...Show more
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser . Show less
1Phoenixcontact
6Wp 6070 Wvps Firmware
Wp 6101 Wxps FirmwareWp 6121 Wxps Firmware+3 more
Jun 17, 2026
Aug 9, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser.
1Paloaltonetworks
1Pan Os
Jun 17, 2026
Jul 12, 2023
N/A· v4
4.9 MEDIUM· v3
N/A· v2
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system...Show more
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.Show less
1Advantech
1R Seenet
Jun 17, 2026
Jun 22, 2023
N/A· v4
8.1 HIGH· v3
N/A· v2
Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files.
1Omninotes
1Omni Notes
Jun 17, 2026
May 27, 2023
N/A· v4
5.5 MEDIUM· v3
N/A· v2
Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided...Show more
Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated, allowing malicious or compromised applications in the same device to force Omni-notes to copy files from its internal storage to its external storage directory, where they would have become accessible to any component with permission to read the external storage. Updating to the newest version (6.2.7) of Omni-notes Android fixes this vulnerability.Show less
1In Toto Project
1In Toto
Jun 17, 2026
May 10, 2023
N/A· v4
5.5 MEDIUM· v3
N/A· v2
in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following t...Show more
in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the files read is `.in_totorc` which is a hidden file in the directory in which in-toto is run. If an attacker controls the inputs to a supply chain step, they can mask their activities by also passing in an `.in_totorc` file that includes the necessary exclude patterns and settings. RC files are widely used in other systems and security issues have been discovered in their implementations as well. Maintainers found in their conversations with in-toto adopters that `in_totorc` is not their preferred way to configure in-toto. As none of the options supported in `in_totorc` is unique, and can be set elsewhere using API parameters or CLI arguments, the maintainers decided to drop support for `in_totorc`. in-toto's `user_settings` module has been dropped altogether in commit 3a21d84f40811b7d191fa7bd17265c1f99599afd. Users may also sandbox functionary code as a security measure.Show less
1Paloaltonetworks
1Pan Os
Jun 17, 2026
May 10, 2023
N/A· v4
4.4 MEDIUM· v3
N/A· v2
A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.
2Fedoraproject
Moodle
3Extra Packages For Enterprise Linux
FedoraMoodle
Jun 17, 2026
May 2, 2023
N/A· v4
5.3 MEDIUM· v3
N/A· v2
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrar...Show more
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.Show less
3Debian
LinuxNetapp
8Active Iq Unified Manager
Debian LinuxH300s Firmware+5 more
Jun 17, 2026
Apr 25, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set  function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on...Show more
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set  function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall.  The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96Show less
1Google
1Android
Jun 17, 2026
Apr 19, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User intera...Show more
In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261858325Show less
1Oretnom23
1Student Study Center Desk Management System
Jun 17, 2026
Apr 18, 2023
N/A· v4
9.8 CRITICAL· v3
5.0 MEDIUM· v2
A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulat...Show more
A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226273 was assigned to this vulnerability.Show less
1Insyde
1Insydeh2o
Jun 17, 2026
Apr 12, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insuffi...Show more
An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM.Show less
1Google
1Android
Jun 17, 2026
Mar 24, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privil...Show more
In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-238177121Show less
2Fedoraproject
Paloaltonetworks
2Cortex Xsoar
Fedora
Jun 17, 2026
Feb 8, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.
1Siemens
1Automation License Manager
Jun 17, 2026
Jan 10, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected compone...Show more
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected components allow to rename license files with user chosen input without authentication. This could allow an unauthenticated remote attacker to rename and move files as SYSTEM user.Show less
1Wing Tight Project
1Wing Tight
Nov 21, 2024
Jan 5, 2023
N/A· v4
9.8 CRITICAL· v3
6.5 MEDIUM· v2
A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. It is possible to ini...Show more
A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The patch is named 567bc33e6ed82b0d0179c9add707ac2b257aeaf2. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217515.Show less
1Nvidia
2Cloud Gaming
Virtual Gpu
Jun 17, 2026
Dec 30, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application, which may l...Show more
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.Show less