Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-706

CWE-706

Use of Incorrectly-Resolved Name or Reference

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

107 vulnerabilities with CWE-706

CVE-2026-45306 MEDIUM

pyLoad: Incomplete Fix for CVE-2026-33509 -storage_folder Bypass via Session Directory

CVE-2026-8716 MEDIUM

Use of Incorrectly-Resolved Name or Reference in GitLab

CVE-2026-40912 HIGH

Traefik: StripPrefixRegex auth bypass via Path/RawPath desync

CVE-2026-41402 MEDIUM

OpenClaw < 2026.3.31 - Webhook Replay Cache Cross-Target messageId Scope Bypass

CVE-2026-42254 MEDIUM

Hickory DNS 0.1-0.25.2 - Cross-Zone Poisoning

CVE-2026-41354 LOW

OpenClaw < 2026.4.2 - Insufficient Scope in Zalo Webhook Replay Dedupe Keys

CVE-2026-35358 MEDIUM

uutils coreutils cp Semantic Loss and Potential Denial of Service with -R via Device Node Stream Reading

CVE-2026-41131 MEDIUM

OpenFGA has Improper Policy Enforcement

CVE-2026-35666 HIGH

OpenClaw < 2026.3.22 - Allowlist Bypass via Unregistered Time Dispatch Wrapper

CVE-2026-35635 MEDIUM

OpenClaw < 2026.3.22 - Webhook Path Route Replacement Vulnerability in Synology Chat

CVE-2026-35039 CRITICAL

fast-jwt Affected by Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)

CVE-2026-33732 MEDIUM

srvx is vulnerable to middleware bypass via absolute URI in request line

CVE-2026-33490 LOW

h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes

CVE-2026-1230 MEDIUM

GitLab 18.7.5/18.8.5/18.9.1 - Authenticated Repository Content Spoofing via Branch Reference Validation Bypass

CVE-2026-30856 MEDIUM

Tencent WeKnora < 0.3.0 - Indirect Prompt Injection via MCP Tool Name Collision

CVE-2026-3125 MEDIUM

@opennextjs/cloudflare < 1.17.1 - Server-Side Request Forgery via Path Normalization Bypass

CVE-2026-25890 HIGH

filebrowser < 2.57.1 - Authenticated Authorization Bypass via Multiple Slash Path Manipulation

CVE-2026-25067 MEDIUM

SmarterTools SmarterMail <9518 - Path Traversal

CVE-2025-65474 CRITICAL

EasyImages 2.0 <= 2.8.6 manager.php - PHP File Rename Code Execution

CVE-2025-65105 MEDIUM

Apptainer <1.4.5 - Privilege Escalation

CVE-2025-64750 MEDIUM

SingularityCE and SingularityPRO - LSM Label Redirect Restriction Bypass

CVE-2025-13437 MEDIUM

zx - Use After Free

CVE-2025-62378 MEDIUM

CommandKit 1.2.0-rc.1-1.2.0-rc.11 - Info Disclosure

CVE-2025-58362 HIGH

Hono 4.8.0-4.9.5 - Path Confusion via Malformed Absolute-Form Request-URI

CVE-2025-3941 MEDIUM

Tridium Niagara <4.14.2-4.15.1-4.10.11 - Input Data Manipulation

Page 1 of 5 Next

Details

Vulnerabilities 107

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy