Common Weakness Enumeration

CWE-610

Discouraged

Externally Controlled Reference to a Resource in Another Sphere

Abstraction: Class · Status: Draft

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

278 vulnerabilities reference this CWE, most recent first.

GHSA-4J3Q-G7JX-6RW4

Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30
VLAI
Details

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-41107"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-12T18:17:22Z",
    "severity": "HIGH"
  },
  "details": "External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.",
  "id": "GHSA-4j3q-g7jx-6rw4",
  "modified": "2026-05-12T18:30:46Z",
  "published": "2026-05-12T18:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41107"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41107"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4M57-4HQX-RGQV

Vulnerability from github – Published: 2025-07-25 18:30 – Updated: 2025-07-25 18:30
VLAI
Details

Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 141212) and Content Management System (CMS) prior to 7.2 Update-3 (rev. 141226) and prior to 7.5 Update-1 (rev. 150130) contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of the file is already known via a specially-crafted URL. Affected files do not include .config, .aspx or .cs files. The issue does not allow for directory browsing.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-10142"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-25T16:15:26Z",
    "severity": "MODERATE"
  },
  "details": "Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 141212) and Content Management System (CMS) prior to 7.2 Update-3 (rev. 141226) and prior to\u00a07.5 Update-1 (rev. 150130) contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of the file is already known via a specially-crafted URL.\u00a0Affected files do not include .config, .aspx or .cs files. The issue does not allow for directory browsing.",
  "id": "GHSA-4m57-4hqx-rgqv",
  "modified": "2025-07-25T18:30:38Z",
  "published": "2025-07-25T18:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-10142"
    },
    {
      "type": "WEB",
      "url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB0816762"
    },
    {
      "type": "WEB",
      "url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1002377"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/sitecore-xp-cms-file-read-via-known-path"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-4R67-5W29-W28M

Vulnerability from github – Published: 2024-08-13 18:31 – Updated: 2024-08-13 18:31
VLAI
Details

A vulnerability exists in the Rockwell Automation Emulate3D™, which could be leveraged to execute a DLL Hijacking attack. The application loads shared libraries, which are readable and writable by any user. If exploited, a malicious user could leverage a malicious dll and perform a remote code execution attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-6079"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-13T18:15:32Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability exists in the Rockwell Automation Emulate3D\u2122,\u00a0which could be leveraged to execute a DLL Hijacking attack. The application loads shared libraries, which are readable and writable by any user. If exploited, a malicious user could leverage a malicious dll and perform a remote code execution attack.",
  "id": "GHSA-4r67-5w29-w28m",
  "modified": "2024-08-13T18:31:17Z",
  "published": "2024-08-13T18:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6079"
    },
    {
      "type": "WEB",
      "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201683.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-4R9Q-WQCJ-X85J

Vulnerability from github – Published: 2022-06-02 00:00 – Updated: 2025-10-22 00:32
VLAI
Details

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-30190"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-01T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.",
  "id": "GHSA-4r9q-wqcj-x85j",
  "modified": "2025-10-22T00:32:33Z",
  "published": "2022-06-02T00:00:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30190"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30190"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-30190"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/167438/Microsoft-Office-Word-MSDTJS-Code-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4WCH-CG8H-VQC6

Vulnerability from github – Published: 2022-05-24 17:02 – Updated: 2025-10-22 00:31
VLAI
Details

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-7194"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-05T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.",
  "id": "GHSA-4wch-cg8h-vqc6",
  "modified": "2025-10-22T00:31:49Z",
  "published": "2022-05-24T17:02:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7194"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7194"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-25"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4WJQ-4WFF-QW9C

Vulnerability from github – Published: 2023-02-16 21:30 – Updated: 2023-02-25 00:30
VLAI
Details

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-39952"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-16T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.",
  "id": "GHSA-4wjq-4wff-qw9c",
  "modified": "2023-02-25T00:30:45Z",
  "published": "2023-02-16T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39952"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/psirt/FG-IR-22-300"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5227-22F5-M93M

Vulnerability from github – Published: 2025-01-11 03:30 – Updated: 2025-01-11 03:30
VLAI
Details

HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42168"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-11T03:15:21Z",
    "severity": "HIGH"
  },
  "details": "HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability.  An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content.",
  "id": "GHSA-5227-22f5-m93m",
  "modified": "2025-01-11T03:30:40Z",
  "published": "2025-01-11T03:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42168"
    },
    {
      "type": "WEB",
      "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0118149"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-524P-6J7X-RWRC

Vulnerability from github – Published: 2022-09-07 00:01 – Updated: 2022-09-13 00:00
VLAI
Details

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users to download sensitive files hosted on the affected server and forge requests to the server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2633"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-06T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the \u0027dl\u0027 parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users to download sensitive files hosted on the affected server and forge requests to the server.",
  "id": "GHSA-524p-6j7x-rwrc",
  "modified": "2022-09-13T00:00:41Z",
  "published": "2022-09-07T00:01:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2633"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/trunk/public/video.php#L227"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/2768384/all-in-one-video-gallery/trunk/public/video.php"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2744708%40all-in-one-video-gallery\u0026new=2744708%40all-in-one-video-gallery\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83b0534e-1b8d-46a8-9698-e7ca73e5ab57?source=cve"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2633"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-52JJ-6W68-3M25

Vulnerability from github – Published: 2024-08-27 12:30 – Updated: 2025-05-17 00:30
VLAI
Details

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.

Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8207"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-114",
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-27T12:15:04Z",
    "severity": "MODERATE"
  },
  "details": "In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.\n\nRequired Configuration: Only environments with Linux as the underlying operating system is affected by this issue",
  "id": "GHSA-52jj-6w68-3m25",
  "modified": "2025-05-17T00:30:25Z",
  "published": "2024-08-27T12:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8207"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/SERVER-69507"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250516-0009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-55CF-XX38-4P9P

Vulnerability from github – Published: 2026-05-04 20:22 – Updated: 2026-05-19 15:56
VLAI
Summary
OpenClaw: Workspace dotenv files cannot override connector endpoint hosts
Details

Summary

Workspace dotenv files cannot override connector endpoint hosts.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: <= 2026.4.21
  • Fixed version: 2026.4.22

Impact

A workspace .env file could set connector endpoint variables for Matrix, Mattermost, IRC, or Synology-related connectors and redirect runtime traffic away from the operator-configured endpoint.

Fix

Workspace .env loading now blocks those endpoint variables, including per-account Matrix homeserver suffixes and generic base-url/API-host style overrides. Trusted global runtime dotenv loading remains separate.

Fix Commit(s)

  • 0623079e98abf7202591f1b04a89755eb7ec9272

Verification

  • The fix commit is contained in the public v2026.4.22 tag.
  • openclaw@2026.4.22 is published on npm and the compiled package contains the fix.
  • Focused regression coverage for this path passed before publication.

OpenClaw thanks @qi-scape for reporting.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.4.21"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.4.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-45003"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-427",
      "CWE-610"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-04T20:22:15Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\nWorkspace dotenv files cannot override connector endpoint hosts.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: \u003c= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nA workspace .env file could set connector endpoint variables for Matrix, Mattermost, IRC, or Synology-related connectors and redirect runtime traffic away from the operator-configured endpoint.\n\n## Fix\nWorkspace .env loading now blocks those endpoint variables, including per-account Matrix homeserver suffixes and generic base-url/API-host style overrides. Trusted global runtime dotenv loading remains separate.\n\n## Fix Commit(s)\n- 0623079e98abf7202591f1b04a89755eb7ec9272\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @qi-scape for reporting.",
  "id": "GHSA-55cf-xx38-4p9p",
  "modified": "2026-05-19T15:56:37Z",
  "published": "2026-05-04T20:22:15Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-55cf-xx38-4p9p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45003"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/0623079e98abf7202591f1b04a89755eb7ec9272"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-connector-endpoint-host-override-via-workspace-dotenv-files"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: Workspace dotenv files cannot override connector endpoint hosts"
}

No mitigation information available for this CWE.

CAPEC-219: XML Routing Detour Attacks

An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.