Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-706

CWE-706

Use of Incorrectly-Resolved Name or Reference

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

107 vulnerabilities with CWE-706

CVE-2025-48136 HIGH

Estatik Mortgage Calculator <2.0.12 - Code Injection

CVE-2025-30357 HIGH

NamelessMC <2.1.4 - Info Disclosure

CVE-2025-30870 HIGH

WP Travel Engine <6.3.5 - Code Injection

CVE-2025-30849 HIGH

g5theme Essential Real Estate <5.2.0 - Code Injection

CVE-2025-29914 MEDIUM

OWASP Coraza WAF <3.3.3 - Info Disclosure

CVE-2025-24813 CRITICAL KEV

Tomcat Partial PUT Java Deserialization

CVE-2025-24733 MEDIUM

AddonMaster Post Grid Master <3.4.12 - Code Injection

CVE-2024-57785 MEDIUM

Zenitel AlphaWeb XE 11.2.3.10 - Local File Inclusion

CVE-2024-55058 MEDIUM

PHPGurukul Online Birth Certificate System v1.0 - IDOR

CVE-2024-53739 HIGH

Cool Plugins Cryptocurrency Widgets For Elementor <1.6.4 - Code Inj...

CVE-2024-52515 MEDIUM

Nextcloud Server <27.1.10,28.0.6,29.0.1 - Path Traversal

CVE-2024-51746 LOW

sigstore gitsign < 0.11.0 - Incorrect Rekor Entry Selection during Online Verification

CVE-2024-45305 LOW

gix-path < 0.10.10 - Incorrect Configuration Scope Resolution

CVE-2024-35198 CRITICAL

TorchServe < 0.11.0 - Security Feature Bypass via URL Path Traversal

CVE-2024-4887 HIGH

Qi Addons For Elementor <1.7.2 - RCE

CVE-2024-37150 HIGH

Deno 1.44.0 - Exposure of Sensitive Information via .npmrc Credential Leak

CVE-2024-36383 MEDIUM

Logpoint SAML Authentication < 6.0.3 - Arbitrary File Deletion via SAML SSO-URL State Field

CVE-2024-27292 HIGH

Docassemble - Local File Inclusion

CVE-2024-27295 HIGH

Directus < 10.8.3 - Password Reset Token Hijacking via Accent-Insensitive Email Comparison

CVE-2023-42125 HIGH

Avast Premium Security - Privilege Escalation via Sandbox Protection Link Following

CVE-2023-42451 HIGH

Mastodon <3.5.14, <4.0.10, <4.1.8, <4.2.0-rc2 - Open Redirect

CVE-2023-34092 HIGH

Vite <2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, 4.3.9 - Auth Bypass

CVE-2023-31814 CRITICAL

D-Link DIR-300 Firmware <= REVA1.06 and <= REVB2.06 - File Inclusion via /model/__lang_msg.php

CVE-2023-28643 MEDIUM

Nextcloud <25.0.3, <24.0.9 - Info Disclosure

CVE-2023-28628 MEDIUM

lambdaisland/uri <1.14.120 - Info Disclosure

Previous Page 2 of 5 Next

Details

Vulnerabilities 107

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy