Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-470

CWE-470

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.

61 vulnerabilities with CWE-470

CVE-2024-53850 HIGH

Addressing GLPI plugin 3.0.0-3.0.3 - Unauthenticated Information Disclosure via Insecure Data Existence Check

CVE-2024-7059 HIGH

Genetec Security Center - RCE

CVE-2024-8048 HIGH

In Progress Telerik Reporting <2024 Q3 - Code Injection

CVE-2024-8015 CRITICAL

Telerik Report Server <2024 Q3 - RCE

CVE-2024-8014 HIGH

Telerik Reporting <2024 Q3 - Code Injection

CVE-2024-6096 HIGH

Telerik Reporting <18.1.24.709 - Code Injection

CVE-2024-1574 MEDIUM

Mitsubishi Electric - Code Injection

CVE-2024-22258 MEDIUM

Spring Authorization Server <1.0.6 - PKCE Downgrade

CVE-2024-28121 HIGH

Stimulus Reflex < 3.4.2/3.5.0.rc4 - Unsafe Reflex Method Invocation

CVE-2024-0200 HIGH

GitHub Enterprise Server 3.8.0-3.8.12 - Authenticated Remote Code Execution via Unsafe Reflection

CVE-2023-6943 CRITICAL

Mitsubishi Electric Corporation EZSocket <5.92 - Code Injection

CVE-2023-35680 MEDIUM

Android - Local Information Disclosure via Confused Deputy in Contact Import

CVE-2023-37207 MEDIUM

Firefox <115, Firefox ESR <102.13, Thunderbird <102.13 - SSRF

CVE-2023-33652 HIGH

Sitecore XP <9.3 - Authenticated RCE

CVE-2023-34102 HIGH

Avo Rails Admin < 2.33.3 - Polymorphic Field Remote Code Execution

CVE-2023-32217 CRITICAL

IdentityIQ <8.3p3, <8.2p6, <8.1p7, <8.0p6 - RCE

CVE-2023-0460 MEDIUM

YouTube Android Player API 1.2-<1.2.2 - Remote Code Execution via Malicious App ClassLoader Binding

CVE-2022-41853 HIGH

HSQLDB <2.7.1 - Remote Code Execution via Untrusted SQL Method Calls

CVE-2022-26469 HIGH

Android - Local Privilege Escalation via Fragment Injection

CVE-2022-30287 HIGH

Horde Groupware Webmail Edition <= 5.2.22 - Remote Code Execution via PHP Object Deserialization

CVE-2022-23744 LOW

Check Point Endpoint <E86.50 - Privilege Escalation

CVE-2021-31522 CRITICAL

Apache Kylin <2.6.6, <3.1.2, <4.0.0 - RCE

CVE-2021-32647 HIGH

Emissary - Authenticated Remote Code Execution via CreatePlace Endpoint sppClassName Parameter

CVE-2021-21985 CRITICAL KEV

VMware vCenter Server - Remote Code Execution via Virtual SAN Health Check Plugin

CVE-2021-21327 MEDIUM

GLPI < 9.5.4 - Unauthenticated Unsafe Reflection via Class Instantiation

Previous Page 2 of 3 Next

Details

Vulnerabilities 61

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy