Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-15

CWE-15

External Control of System or Configuration Setting

Parent: CWE-642 - External Control of Critical State Data

One or more system settings or configuration elements can be externally controlled by a user.

58 vulnerabilities with CWE-15

CVE-2026-41384 HIGH

OpenClaw < 2026.3.24 - Environment Variable Injection via Workspace Config in CLI Backend

CVE-2026-41294 HIGH

OpenClaw < 2026.3.28 - Environment Variable Injection via CWD .env File

CVE-2026-0232 MEDIUM

Cortex XDR Agent: Local Administrator can disable the agent on Windows

CVE-2026-35650 HIGH

OpenClaw < 2026.3.22 - Environment Variable Override Bypass via Inconsistent Sanitization

CVE-2026-33092 HIGH

Acronis True Image Oem < 42571 - Privilege Escalation

CVE-2026-22750 HIGH

SSL bundle configuration silently bypassed in Spring Cloud Gateway

CVE-2026-30817 MEDIUM

Arbitrary File Reading Vulnerability in dnsmasq Module in TP-Link AX53

CVE-2026-30816 MEDIUM

Arbitrary File Reading Vulnerability in OpenVPN Module in TP-Link AX53

CVE-2026-22177 MEDIUM

OpenClaw < 2026.2.21 - Environment Variable Injection via Config env.vars

CVE-2026-21422 LOW

Dell PowerScale OneFS 9.10.0-9.12.0 - Privilege Escalation

CVE-2026-27203 HIGH

eBay API MCP Server - Code Injection

CVE-2026-22708 CRITICAL

Anysphere Cursor < 2.3 - Command Injection

CVE-2026-0495 MEDIUM

SAP Fiori App - Privilege Escalation

CVE-2025-13091 MEDIUM

Shopire WordPress Theme <=1.0.57 - Privilege Escalation

CVE-2025-64726 HIGH

Socket Firewall <0.15.5 - RCE

CVE-2025-62527 HIGH

Taguette <1.5.0 - CSRF

CVE-2025-43792 MEDIUM

Liferay Portal <7.4.3.105 - Info Disclosure

CVE-2025-41452 MEDIUM

Danfoss AK-SM8xxA <4.3.1 - DoS

CVE-2025-8283 LOW

netavark - Info Disclosure

CVE-2025-27889 LOW

Wing FTP Server <7.4.4 - Code Injection

CVE-2025-30512 MEDIUM

Growatt Cloud Portal <= 3.6.0 - Unauthenticated Remote Configuration Manipulation

CVE-2025-27253 MEDIUM

GE Vernova UR IED <8.60 - Info Disclosure

CVE-2025-0425 HIGH

bestinformed Infoclient - Privilege Escalation

CVE-2024-11166 HIGH

CVE-2024-39800 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - RCE

Page 1 of 3 Next

Details

Vulnerabilities 58

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy