CWE-610

Externally Controlled Reference to a Resource in Another Sphere

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

227 vulnerabilities with CWE-610
CVE-2026-45760 HIGH
Apache Camel K: Camel K Cross-Namespace Build Deputy Attack
CVSS 8.1
CVE-2026-47358 HIGH
Tenable Terrascan < 1.18.3 - Externally Controlled Reference to a Resource in Another Sphere
CVSS 7.5
CVE-2026-47357 HIGH
Tenable Terrascan < 1.18.3 - Externally Controlled Reference to a Resource in Another Sphere
CVSS 7.5
CVE-2026-30905 HIGH
Zoom Communications Zoom Workplace Vdi Plugin < 6.6.11 - External Control of File Name or Path
CVSS 7.8
CVE-2026-41107 HIGH
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVSS 7.4
CVE-2026-34327 HIGH
Microsoft Partner Center Spoofing Vulnerability
CVSS 8.2
CVE-2026-30817 MEDIUM
Arbitrary File Reading Vulnerability in dnsmasq Module in TP-Link AX53
CVSS 5.7
CVE-2026-30816 MEDIUM
Arbitrary File Reading Vulnerability in OpenVPN Module in TP-Link AX53
CVSS 5.7
CVE-2026-0522 HIGH
Local File Inclusion in the File Upload/Download Process
CVSS 8.8
CVE-2026-32008 MEDIUM
OpenClaw < 2026.2.21 - Arbitrary Local File Read via Browser Navigation Guard
CVSS 6.5
CVE-2026-30903 CRITICAL
Zoom Workplace <6.6.0 - Privilege Escalation
CVSS 9.6
CVE-2026-28722 HIGH
Acronis Cyber Protect 17 - Privilege Escalation
CVSS 7.3
CVE-2026-28721 HIGH
Acronis Cyber Protect 17 - Privilege Escalation
CVSS 7.3
CVE-2026-3404 MEDIUM
jeesite < 5.15.1 - XML External Entity Injection in CasOutHandler Endpoint
CVSS 5.0
CVE-2026-2536 MEDIUM
opencc JFlow <= 20260129 - XML External Entity Injection via File Argument in Imp_Done Function
CVSS 6.3
CVE-2026-2074 MEDIUM
O2OA <9.0.0 - SSRF
CVSS 6.3
CVE-2026-1218 MEDIUM
Bjskzy Zhiyou ERP <11.0 - XML External Entity Reference
CVSS 6.3
CVE-2025-48654 HIGH
CompanionDeviceManagerService - Privilege Escalation
CVSS 7.8
CVE-2025-15251 MEDIUM
beecue FastBee <2.1 - XML External Entity Reference
CVSS 5.6
CVE-2025-68478 HIGH
langflow < 1.7.0 - Arbitrary File Write via Unrestricted fs_path Parameter
CVSS 7.1
CVE-2025-48598 MEDIUM
Face Unlock Settings - Privilege Escalation
CVSS 6.6
CVE-2025-13209 MEDIUM
bestfeng oa_git_free <9.5 - XML External Entity Reference
CVSS 6.3
CVE-2025-11341 HIGH
Jinher OA < 2.0 - XML External Entity Injection via WebDesign.aspx
CVSS 7.3
CVE-2025-11140 HIGH
zhiyou_erp < 11.0 - XML External Entity Injection via openForm Function
CVSS 7.3
CVE-2025-11035 MEDIUM
Jinher OA 2.0 - XML External Entity Injection via ManageWord.aspx
CVSS 6.3