Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-706

CWE-706

Use of Incorrectly-Resolved Name or Reference

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

105 vulnerabilities with CWE-706

CVE-2026-40912 HIGH

Traefik: StripPrefixRegex auth bypass via Path/RawPath desync

CVE-2026-41402 MEDIUM

OpenClaw < 2026.3.31 - Webhook Replay Cache Cross-Target messageId Scope Bypass

CVE-2026-42254 MEDIUM

Hickory DNS 0.1-0.25.2 - Cross-Zone Poisoning

CVE-2026-41354 LOW

OpenClaw < 2026.4.2 - Insufficient Scope in Zalo Webhook Replay Dedupe Keys

CVE-2026-35358 MEDIUM

uutils coreutils cp Semantic Loss and Potential Denial of Service with -R via Device Node Stream Reading

CVE-2026-41131 MEDIUM

OpenFGA has Improper Policy Enforcement

CVE-2026-35666 HIGH

OpenClaw < 2026.3.22 - Allowlist Bypass via Unregistered Time Dispatch Wrapper

CVE-2026-35635 MEDIUM

OpenClaw < 2026.3.22 - Webhook Path Route Replacement Vulnerability in Synology Chat

CVE-2026-35039 CRITICAL

fast-jwt Affected by Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)

CVE-2026-33732 MEDIUM

srvx is vulnerable to middleware bypass via absolute URI in request line

CVE-2026-33490 LOW

h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes

CVE-2026-1230 MEDIUM

GitLab CE/EE - Info Disclosure

CVE-2026-30856 MEDIUM

WeKnora <0.3.0 - Command Injection

CVE-2026-3125 MEDIUM

@opennextjs/cloudflare - SSRF

CVE-2026-25890 HIGH

Filebrowser < 2.57.1 - Incorrect Authorization

CVE-2026-25067 MEDIUM

SmarterTools SmarterMail <9518 - Path Traversal

CVE-2025-65474 CRITICAL

EasyImages <2.8.6 - RCE

CVE-2025-65105 MEDIUM

Apptainer <1.4.5 - Privilege Escalation

CVE-2025-64750 MEDIUM

SingularityCE <4.3.5 & SingularityPRO 4.1.11 & 4.3.5 - SSRF

CVE-2025-13437 MEDIUM

zx - Use After Free

CVE-2025-62378 MEDIUM

CommandKit 1.2.0-rc.1-1.2.0-rc.11 - Info Disclosure

CVE-2025-58362 HIGH

Hono 4.8.0-4.9.5 - Path Traversal

CVE-2025-3941 MEDIUM

Tridium Niagara <4.14.2-4.15.1-4.10.11 - Input Data Manipulation

CVE-2025-48136 HIGH

Estatik Mortgage Calculator <2.0.12 - Code Injection

CVE-2025-30357 HIGH

NamelessMC <2.1.4 - Info Disclosure

Page 1 of 5 Next

Details

Vulnerabilities 105

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy