Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-668

CWE-668

Exposure of Resource to Wrong Sphere

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

704 vulnerabilities with CWE-668

CVE-2026-41369 MEDIUM

OpenClaw < 2026.3.31 - Insufficient Environment Variable Sanitization in Host Execution

CVE-2026-41368 MEDIUM

OpenClaw < 2026.3.28 - Environment Variable Disclosure via jq $ENV Filter Bypass

CVE-2026-41362 MEDIUM

OpenClaw 2026.2.19 < 2026.3.31 - Webhook Replay Dedupe Cache Event Suppression via Shared Authentication

CVE-2026-6830 LOW

Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch

CVE-2026-32690 LOW

Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1

CVE-2026-30912 HIGH

Apache Airflow: Exposing stack trace in case of constraint error

CVE-2026-35658 MEDIUM

OpenClaw < 2026.3.2 - Filesystem Boundary Bypass in Image Tool

CVE-2026-39911 HIGH

Hashgraph Guardian 3.5.0 Unsandboxed JavaScript Execution RCE

CVE-2026-34538 MEDIUM

Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure)

CVE-2026-34765 MEDIUM

Electron named window.open targets not scoped to the opener's browsing context

CVE-2026-34217 HIGH

SandboxJS has a Sandbox Escape via Prop Object Leak in New Handler

CVE-2026-34780 HIGH

Electron: Context Isolation bypass via contextBridge VideoFrame transfer

CVE-2026-20160 CRITICAL

Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability

CVE-2026-33573 HIGH

OpenClaw < 2026.3.11 - Workspace Boundary Bypass via Agent RPC Parameters

CVE-2026-28779 HIGH

Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications

CVE-2026-28806 CRITICAL

nerves-hub nerves_hub_web - Privilege Escalation

CVE-2026-29093 HIGH

WWBN AVideo <24.0 - Session Hijacking

CVE-2026-2297 MEDIUM

CPython - Info Disclosure

CVE-2026-27466 HIGH

BigBlueButton <=3.0.21 - DoS

CVE-2026-26057 MEDIUM

Skill Scanner API Server - DoS/File Upload

CVE-2026-21528 MEDIUM

Microsoft Azure Iot Explorer < 0.15.13 - Exposure to Wrong Actor

CVE-2026-25643 CRITICAL

Frigate <0.16.4 - RCE

CVE-2026-25725 CRITICAL

Claude Code <2.1.2 - Info Disclosure

CVE-2026-24473 MEDIUM

Hono <4.11.7 - Info Disclosure

CVE-2026-23763 HIGH

VB-Audio Matrix <2.0.2.2 - Privilege Escalation

Page 1 of 29 Next

Details

Vulnerabilities 704

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy