CWE-668 (Exposure of Resource to Wrong Sphere) — Vulnerability Class 126

126 vulnerabilities classified as CWE-668 (Exposure of Resource to Wrong Sphere). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-23205 | `frame-ancestors: self` grants all users access to formgrader in nbgrader — nbgrader | 6.5 | - | 2025-01-17 |
| CVE-2024-5660 | ARM multiple products security vulnerability — Cortex-A77 | 8.4 | - | 2024-12-10 |
| CVE-2024-43704 | GPU DDK - PowerVR: PVRSRVAcquireProcessHandleBase can cause psProcessHandleBase reuse when PIDs are reused — Graphics DDK | 7.1 (AI) | High (AI) | 2024-11-18 |
| CVE-2024-51754 | Unguarded calls to __toString() when nesting an object into an array in Twig — Twig | 2.2 | Low | 2024-11-06 |
| CVE-2024-51755 | Unguarded calls to __isset() and to array-accesses when the sandbox is enabled in Twig — Twig | 2.2 | Low | 2024-11-06 |
| CVE-2024-22281 | Apache Helix Front (UI): Helix front hard-coded secret in the express-session — Apache Helix Front (UI) | 9.1 (AI) | Critical (AI) | 2024-08-20 |
| CVE-2024-42350 | Public key confusion in third party block in Biscuit — biscuit | 3.0 | Low | 2024-08-05 |
| CVE-2024-35199 | TorchServe gRPC Port Exposure — serve | 8.2 | High | 2024-07-18 |
| CVE-2024-40725 | Apache HTTP Server: source code disclosure with handlers configured via AddType — Apache HTTP Server | 7.5 | - | 2024-07-18 |
| CVE-2024-39553 | Junos OS Evolved: Receipt of arbitrary data when sampling service is enabled, leads to partial Denial of Service (DoS). — Junos OS Evolved | 6.5 | Medium | 2024-07-11 |
| CVE-2024-38368 | Trunk's 'Claim your pod' could be used to obtain un-used pods — CocoaPods | 9.3 | Critical | 2024-07-01 |
| CVE-2024-5313 | Schneider Electric EVlink Home Smart security vulnerability — EVlink Home Smart | 6.5 | Medium | 2024-06-12 |
| CVE-2023-5751 | CODESYS: Development system prone to DoS through exposure of resource to wrong sphere — CODESYS Control Win (SL) | 7.8 | High | 2024-06-04 |
| CVE-2023-39478 | Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability — Secure Integration Server | 8.8 | - | 2024-05-03 |
| CVE-2023-6096 | using a inappropriate encryption logic — HRX-1620 | 7.4 | High | 2024-04-26 |
| CVE-2024-32473 | Moby IPv6 enabled on IPv4-only network interfaces — moby | 4.7 | Medium | 2024-04-18 |
| CVE-2024-21605 | Junos OS: SRX 300 Series: Specific link local traffic causes a control plane overload — Junos OS | 6.5 | Medium | 2024-04-12 |
| CVE-2024-29905 | DIRAC: Unauthorized users can read proxy contents during generation — DIRAC | 8.1 | High | 2024-04-09 |
| CVE-2024-3019 | Pcp: exposure of the redis server backend allows remote command execution via pmproxy | 8.8 | High | 2024-03-28 |
| CVE-2024-21597 | Junos OS: MX Series: In an AF scenario traffic can bypass configured lo0 firewall filters — Junos OS | 5.3 | Medium | 2024-01-12 |
| CVE-2023-48291 | Apache Airflow: Improper access control to DAG resources — Apache Airflow | 4.3 (AI) | Medium (AI) | 2023-12-21 |
| CVE-2023-49347 | Ubuntu Budgie Extras security vulnerability — Budgie Extras | 6.0 | Medium | 2023-12-14 |
| CVE-2023-49345 | Ubuntu Budgie Extras security vulnerability — Budgie Extras | 6.0 | Medium | 2023-12-14 |
| CVE-2023-39171 | SENEC Storage Box V1,V2 and V3 accidentially expose a management interface — Storage Box V1 | 7.2 | High | 2023-12-07 |
| CVE-2023-4910 | 3scale-admin-portal: logged out users tokens can be accessed — Red Hat 3scale API Management Platform 2 | 5.5 | Medium | 2023-11-06 |
| CVE-2023-2622 | Hitachi Energy MACH System Software security vulnerability — MACH System Software | 2.7 | Low | 2023-11-01 |
| CVE-2023-37911 | org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents — xwiki-platform | 6.5 | Medium | 2023-10-25 |
| CVE-2023-45145 | Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window. — redis | 3.6 | Low | 2023-10-18 |
| CVE-2023-42792 | Apache Airflow: Improper access control to DAG resources — Apache Airflow | 4.3 | - | 2023-10-14 |
| CVE-2022-20917 | Cisco Jabber security vulnerability — Cisco Jabber | 4.3 | Medium | 2023-09-15 |

Vulnerabilities classified as CWE-668 (Exposure of Resource to Wrong Sphere) represent 126 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.