CWE-668: Exposure of Resource to Wrong Sphere — known CVE vulnerabilities
CVEs classified under CWE-668 (Exposure of Resource to Wrong Sphere), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2025-2857 — CVSS 10.0 (critical): Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A…
CVE-2019-8779 — CVSS 10.0 (critical): A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This…
CVE-2012-1846 — CVSS 10.0 (critical): Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a…
CVE-2022-43684 — CVSS 9.9 (critical): ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality…
CVE-2022-24900 — CVSS 9.9 (critical): Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and…
CVE-2019-16541 — CVSS 9.9 (critical): Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to…
CVE-2026-45411 — CVSS 9.8 (critical): vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield* expression inside…
CVE-2026-44008 — CVSS 9.8 (critical): vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new method neutralizeArraySpeciesBatch works with objects from the other…
CVE-2026-20160 — CVSS 9.8 (critical): A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary…
CVE-2024-5660 — CVSS 9.8 (critical): Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE…
CVE-2024-25153 — CVSS 9.8 (critical): A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the…
CVE-2023-45911 — CVSS 9.8 (critical): An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers to login as any user without a password.
CVE-2022-39952 — CVSS 9.8 (critical): A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through…
CVE-2022-48198 — CVSS 9.8 (critical): The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows attackers, who control the source code…
CVE-2022-32221 — CVSS 9.8 (critical): When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when…
CVE-2022-26869 — CVSS 9.8 (critical): Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could…
CVE-2022-24074 — CVSS 9.8 (critical): Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script…
CVE-2022-25643 — CVSS 9.8 (critical): seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a…
CVE-2022-25236 — CVSS 9.8 (critical): xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
CVE-2021-27236 — CVSS 9.8 (critical): An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows Unauthenticated Local File Inclusion, which can be…
CVE-2020-10271 — CVSS 9.8 (critical): MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network…
CVE-2019-20853 — CVSS 9.8 (critical): An issue was discovered in Mattermost Packages before 5.16.3. A Droplet could allow Internet access to a service that has a remote code…
CVE-2020-10867 — CVSS 9.8 (critical): An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe)…
CVE-2019-10781 — CVSS 9.8 (critical): In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used…
CVE-2019-19015 — CVSS 9.8 (critical): An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to…
CVE-2019-9186 — CVSS 9.8 (critical): In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute…
CVE-2018-7846 — CVSS 9.8 (critical): A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340…
CVE-2018-18068 — CVSS 9.8 (critical): The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write…
CVE-2018-7072 — CVSS 9.8 (critical): A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.
CVE-2017-18129 — CVSS 9.8 (critical): In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845…
CVE-2017-16610 — CVSS 9.8 (critical): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager…
CVE-2017-16597 — CVSS 9.8 (critical): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager…
CVE-2021-20999 — CVSS 9.4 (critical): In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally…
CVE-2025-9074: A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the…
CVE-2024-38368 — CVSS 9.3 (critical): trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated…
CVE-2023-32550 — CVSS 9.3 (critical): Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to…
CVE-2021-21428 — CVSS 9.3 (critical): Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and…
CVE-2020-6774 — CVSS 9.3 (critical): Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from…
CVE-2019-1848 — CVSS 9.3 (critical): A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass…
CVE-2026-42535 — CVSS 9.1 (critical): A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property…
CVE-2025-25176 — CVSS 9.1 (critical): Intermediate register values of secure workloads can be exfiltrated in workloads scheduled from applications running in the non-secure…
CVE-2023-3455 — CVSS 9.1 (critical): Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity.
CVE-2020-22647 — CVSS 9.1 (critical): An issue found in DepositGame v.1.0 allows an attacker to gain sensitive information via the GetBonusWithdraw and withdraw functions.
CVE-2013-4561 — CVSS 9.1 (critical): In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of…
CVE-2022-27818 — CVSS 9.1 (critical): SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service.
CVE-2021-42640 — CVSS 9.1 (critical): PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that…
CVE-2021-44523 — CVSS 9.1 (critical): A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated…
CVE-2020-16263 — CVSS 9.1 (critical): Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary…