CWE-610

Externally Controlled Reference to a Resource in Another Sphere

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

220 vulnerabilities with CWE-610
CVE-2025-0082 MEDIUM
Java - Info Disclosure
CVSS 5.5
CVE-2025-7824 HIGH
Jinher OA 1.1 - XML External Entity Reference
CVSS 7.3
CVE-2025-7823 HIGH
Jinher OA 1.2 - XML External Entity Reference
CVSS 7.3
CVE-2025-7523 HIGH
Jinher OA 1.0 - XML External Entity Reference
CVSS 7.3
CVE-2025-6691 HIGH
Brainstormforce Sureforms < 0.0.14 - Remote Code Execution
CVSS 8.1
CVE-2025-5877 MEDIUM
Fengoffice Feng Office - XXE
CVSS 6.3
CVE-2025-2875 HIGH
Controller's Webserver - Info Disclosure
CVSS 7.5
CVE-2025-26684 MEDIUM
Microsoft Defender for Endpoint - Privilege Escalation
CVSS 6.7
CVE-2025-3241 MEDIUM
zhangyanbo2007 youkefu <4.2.0 - SSRF
CVSS 6.3
CVE-2025-2365 MEDIUM
crmeb_java <1.3.4 - SSRF
CVSS 6.3
CVE-2025-0111 MEDIUM KEV
Palo Alto Networks PAN-OS - Info Disclosure
CVSS 6.5
CVE-2025-1225 MEDIUM
ywoa <2024.07.03 - XML External Entity Reference
CVSS 6.3
CVE-2025-22144 CRITICAL
NamelessMC - Privilege Escalation
CVSS 9.8
CVE-2024-49728 MEDIUM
Java - Info Disclosure
CVSS 5.5
CVE-2024-49722 MEDIUM
EditUserPhotoController - Info Disclosure
CVSS 5.5
CVE-2024-13177 MEDIUM
Netskope Client <123.0-117.1.11.2310-120.1.10.2306 - Privilege Esca...
CVE-2024-51961 HIGH
ArcGIS Server <11.3 - Info Disclosure
CVSS 7.5
CVE-2024-42168 HIGH
Hcltech Dryice Myxalytics - SSRF
CVSS 8.9
CVE-2024-52792 MEDIUM
LDAP Account Manager - Config Injection
CVSS 6.5
CVE-2024-10979 HIGH
PostgreSQL <17.1-12.21 - Code Injection
CVSS 8.8
CVE-2024-5823 CRITICAL
Gaizhenbiao Chuanhuchatgpt < 2024-04-10 - Denial of Service
CVSS 9.1
CVE-2024-47773 HIGH
Discourse - XSS
CVSS 8.2
CVE-2024-45826 MEDIUM
Rockwellautomation Thinmanager < 13.1.3 - Remote Code Execution
CVSS 6.8
CVE-2024-8207 MEDIUM
MongoDB Server <5.0.14 - Privilege Escalation
CVSS 6.4
CVE-2024-7911 MEDIUM
SourceCodester Simple Online Bidding System 1.0 - File Inclusion
CVSS 6.3