CWE-610
Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
216 vulnerabilities with CWE-610
CVE-2026-28722
HIGH
Acronis Cyber Protect 17 - Privilege Escalation
CVSS 7.3
CVE-2026-28721
HIGH
Acronis Cyber Protect 17 - Privilege Escalation
CVSS 7.3
CVE-2025-48654
HIGH
CompanionDeviceManagerService - Privilege Escalation
CVSS 7.8
CVE-2026-3404
MEDIUM
thinkgem JeeSite <=5.15.1 - XXE
CVSS 5.0
CVE-2026-2536
MEDIUM
opencc JFlow <20260129 - XXE
CVSS 6.3
CVE-2026-2074
MEDIUM
O2OA <9.0.0 - SSRF
CVSS 6.3
CVE-2026-1218
MEDIUM
Bjskzy Zhiyou ERP <11.0 - XML External Entity Reference
CVSS 6.3
CVE-2025-15251
MEDIUM
beecue FastBee <2.1 - XML External Entity Reference
CVSS 5.6
CVE-2025-68478
HIGH
Langflow <1.7.0 - Path Traversal
CVSS 7.1
CVE-2025-48598
MEDIUM
Face Unlock Settings - Privilege Escalation
CVSS 6.6
CVE-2025-13209
MEDIUM
bestfeng oa_git_free <9.5 - XML External Entity Reference
CVSS 6.3
CVE-2025-11341
HIGH
Jinher OA <2.0 - SSRF
CVSS 7.3
CVE-2025-11140
HIGH
Bjskzy Zhiyou ERP <11.0 - SSRF
CVSS 7.3
CVE-2025-11035
MEDIUM
Jinher OA 2.0 - SSRF
CVSS 6.3
CVE-2025-10816
HIGH
Jinher OA - XXE
CVSS 7.3
CVE-2025-8057
MEDIUM
Patika Global Technologies HumanSuite <53.21.0 - Auth Bypass
CVSS 6.5
CVE-2025-9065
HIGH
Rockwell Automation ThinManager - SSRF
CVSS 8.8
CVE-2025-10092
HIGH
Jinher OA < 1.2 - XXE
CVSS 7.3
CVE-2025-10091
HIGH
Jinher OA < 1.2 - XXE
CVSS 7.3
CVE-2024-49728
MEDIUM
Java - Info Disclosure
CVSS 5.5
CVE-2024-49722
MEDIUM
EditUserPhotoController - Info Disclosure
CVSS 5.5
CVE-2025-48963
HIGH
Acronis Cyber Protect Cloud Agent <40296 - Privilege Escalation
CVSS 7.3
CVE-2025-26417
MEDIUM
Google Android - Information Disclosure
CVSS 4.0
CVE-2025-0082
MEDIUM
Java - Info Disclosure
CVSS 5.5
CVE-2015-10142
Sitecore XP <8.0 - Info Disclosure