Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-15

CWE-15

External Control of System or Configuration Setting

Parent: CWE-642 - External Control of Critical State Data

One or more system settings or configuration elements can be externally controlled by a user.

65 vulnerabilities with CWE-15

CVE-2025-27889 LOW

Wing FTP Server <7.4.4 - Code Injection

CVE-2025-30512 MEDIUM

Growatt Cloud Portal <= 3.6.0 - Unauthenticated Remote Configuration Manipulation

CVE-2025-27253 MEDIUM

GE Vernova UR IED <8.60 - Info Disclosure

CVE-2025-0425 HIGH

bestinformed Infoclient - Privilege Escalation

CVE-2024-11166 HIGH

Traffic Alert and Collision Avoidance System (TCAS) II - Denial of Service via Comm-A Identity Request

CVE-2024-39800 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - RCE

CVE-2024-39799 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - RCE

CVE-2024-39798 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - RCE

CVE-2024-39795 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - Permission Bypass

CVE-2024-39794 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - Auth Bypass

CVE-2024-39793 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - Auth Bypass

CVE-2024-39790 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - Auth Bypass

CVE-2024-39789 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - Config Injection

CVE-2024-39788 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - Config Injection

CVE-2024-39602 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - RCE

CVE-2024-39280 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - RCE

CVE-2024-38666 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - Command Injection

CVE-2024-54097 HIGH

Huawei EMUI and HarmonyOS - External Control of System Setting in HiView Module

CVE-2024-51544 HIGH

ABB ASPECT Enterprise NEXUS and MATRIX Series < 3.08.03 - Unauthenticated Service Control and Configuration Modification

CVE-2024-51543 HIGH

ABB ASPECT <3.08.02, NEXUS Series <3.08.02, MATRIX Series <3.08.02 ...

CVE-2024-50358 HIGH

Advantech - External Control of System or Configuration Setting

CVE-2024-10979 HIGH

PostgreSQL <17.1-12.21 - Code Injection

CVE-2024-21583 MEDIUM

github.com/gitpod-io/gitpod - Info Disclosure

CVE-2024-4326 CRITICAL

lollms_web_ui < 9.5 - Remote Code Execution via Settings Bypass

CVE-2024-23639 MEDIUM

Micronaut Framework - Info Disclosure

Previous Page 2 of 3 Next

Details

Vulnerabilities 65

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy