Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-668

CWE-668

Exposure of Resource to Wrong Sphere

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

719 vulnerabilities with CWE-668

CVE-2026-53826 MEDIUM

OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn

CVE-2026-47141 MEDIUM

vm2: NodeVM observability builtins leak host process and HTTP request data

CVE-2026-48096 MEDIUM

OpenFGA: Cache-key delimiter injection in openfga/openfga shared-iterator and v2 iterator caches enables intra-store authorization-decision poisoning

CVE-2026-42535 CRITICAL

Apache HTTP Server: mod_dav_fs protected directory access

CVE-2026-46430 MEDIUM

Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS

CVE-2026-8958 HIGH

Information disclosure, sandbox escape in the Security: Process Sandboxing component

CVE-2026-46723 MEDIUM

Information Disclosure in extension "Faceted Search" (ke_search)

CVE-2026-44552 HIGH

Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning

CVE-2026-45411 CRITICAL

vm2: Sandbox Breakout Using Async Generator

CVE-2026-44009 CRITICAL

vm2: Sandbox Breakout Through Null Proto Exception

CVE-2026-44008 CRITICAL

vm2: Snabox breakout via `neutralizeArraySpeciesBatch`

CVE-2026-42875 MEDIUM

External Secrets Operator: Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore

CVE-2026-34095 MEDIUM

action=raw with Special:Mypage subpage title responds with "Content-Type: text/html" on ctype=text/javascript request

CVE-2026-34094 LOW

Customized help link for page protection indicator is relative to subpage name, because the link target is missing the "/wiki/" prefix

CVE-2026-44338 HIGH

PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution

CVE-2026-41369 MEDIUM

OpenClaw < 2026.3.31 - Insufficient Environment Variable Sanitization in Host Execution

CVE-2026-41368 MEDIUM

OpenClaw < 2026.3.28 - Environment Variable Disclosure via jq $ENV Filter Bypass

CVE-2026-41362 MEDIUM

OpenClaw 2026.2.19 < 2026.3.31 - Webhook Replay Dedupe Cache Event Suppression via Shared Authentication

CVE-2026-6830 LOW

Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch

CVE-2026-32690 LOW

Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1

CVE-2026-30912 HIGH

Apache Airflow: Exposing stack trace in case of constraint error

CVE-2026-35658 MEDIUM

OpenClaw < 2026.3.2 - Filesystem Boundary Bypass in Image Tool

CVE-2026-39911 HIGH

Hashgraph Guardian 3.5.0 Unsandboxed JavaScript Execution RCE

CVE-2026-34538 MEDIUM

Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure)

CVE-2026-34765 MEDIUM

Electron named window.open targets not scoped to the opener's browsing context

Page 1 of 29 Next

Details

Vulnerabilities 719

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy