CWE-610

Externally Controlled Reference to a Resource in Another Sphere

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

227 vulnerabilities with CWE-610
CVE-2025-10816 HIGH
Jinher OA 2.0 - XML External Entity Injection in GetWordFileName.aspx
CVSS 7.3
CVE-2025-8057 MEDIUM
Patika Global Technologies HumanSuite <53.21.0 - Auth Bypass
CVSS 6.5
CVE-2025-9065 HIGH
Rockwell Automation ThinManager - SSRF
CVSS 8.8
CVE-2025-10092 HIGH
Jinher OA < 1.2 - XML External Entity Injection via TaskManage AddTask Endpoint
CVSS 7.3
CVE-2025-10091 HIGH
jinher_oa < 1.2 - XML External Entity Injection via ProjectManage XmlHttp Endpoint
CVSS 7.3
CVE-2025-48963 HIGH
Acronis Cyber Protect Cloud Agent <40296 - Privilege Escalation
CVSS 7.3
CVE-2025-26417 MEDIUM
Android - Local Information Disclosure via DownloadProvider Confused Deputy
CVSS 4.0
CVE-2025-0082 MEDIUM
Android - Local Information Disclosure via Confused Deputy in StatusHint and TelecomServiceImpl
CVSS 5.5
CVE-2025-7824 HIGH
Jinher OA 1.1 - XML External Entity Reference
CVSS 7.3
CVE-2025-7823 HIGH
Jinher OA 1.2 - XML External Entity Reference
CVSS 7.3
CVE-2025-7523 HIGH
Jinher OA 1.0 - XML External Entity Reference
CVSS 7.3
CVE-2025-6691 HIGH
SureForms <= 1.7.3 - Unauthenticated Arbitrary File Deletion
CVSS 8.1
CVE-2025-5877 MEDIUM
Feng Office 3.2.2.1 - XML External Entity Injection in Document Upload Handler
CVSS 6.3
CVE-2025-2875 HIGH
Controller's Webserver - Info Disclosure
CVSS 7.5
CVE-2025-26684 MEDIUM
Microsoft Defender for Endpoint - Privilege Escalation
CVSS 6.7
CVE-2025-3241 MEDIUM
zhangyanbo2007 youkefu <4.2.0 - SSRF
CVSS 6.3
CVE-2025-2365 MEDIUM
crmeb_java <= 1.3.4 - XML External Entity Injection in WeChatMessageController
CVSS 6.3
CVE-2025-0111 MEDIUM KEV
Palo Alto Networks PAN-OS - Info Disclosure
CVSS 6.5
CVE-2025-1225 MEDIUM
ywoa <2024.07.03 - XML External Entity Reference
CVSS 6.3
CVE-2025-22144 CRITICAL
NamelessMC < 2.1.3 - Authenticated Account Takeover via Password Reset Bypass
CVSS 9.8
CVE-2024-49728 MEDIUM
Android - Local Information Disclosure via BluetoothOppSendFileInfo
CVSS 5.5
CVE-2024-49722 MEDIUM
EditUserPhotoController - Info Disclosure
CVSS 5.5
CVE-2024-13177 MEDIUM
Netskope Client <123.0-117.1.11.2310-120.1.10.2306 - Privilege Esca...
CVE-2024-51961 HIGH
ArcGIS Server <11.3 - Info Disclosure
CVSS 7.5
CVE-2024-42168 HIGH
HCL MyXalytics - Out-of-Band Resource Load via HTTP
CVSS 8.9