Weaknesses of type CWE-610
85 resultsCVE-2023-37856MEDIUMPHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panelsEPSS 0.4%CVE-2026-32008HIGHOpenClaw < 2026.2.21 - Arbitrary Local File Read via Browser Navigation GuardEPSS 0.4%CVE-2026-57301HIGHJenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attaEPSS 0.4%CVE-2024-6717HIGHNomad Vulnerable to Allocation Directory Path Escape Through Archive UnpackingEPSS 0.4%CVE-2023-38046MEDIUMPAN-OS: Read System Files and Resources During Configuration CommitEPSS 0.4%CVE-2025-11035MEDIUMJinher OA text xml external entity referenceEPSS 0.4%CVE-2024-28962MEDIUMDell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulneraEPSS 0.4%CVE-2023-22616HIGHAn issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driEPSS 0.4%CVE-2024-42168HIGHHCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerabilityEPSS 0.4%CVE-2025-1225MEDIUMywoa WXCallBack Interface XMLParse.java extract xml external entity referenceEPSS 0.4%CVE-2026-3404LOWthinkgem JeeSite Endpoint CasOutHandler.java xml external entity referenceEPSS 0.4%CVE-2025-2875HIGHCWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could
cause a loss of confidentiality wheEPSS 0.3%CVE-2025-5877MEDIUMFengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity referenceEPSS 0.3%CVE-2025-2365MEDIUMcrmeb_java WeChatMessageController.java webHook xml external entity referenceEPSS 0.3%CVE-2024-7625MEDIUMNomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive UnpackingEPSS 0.3%CVE-2023-33188MEDIUM Uncontrolled data used in content resolution EPSS 0.3%CVE-2026-45760HIGHApache Camel K: Camel K Cross-Namespace Build Deputy AttackEPSS 0.3%CVE-2025-26417MEDIUMIn checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storageEPSS 0.3%CVE-2026-2536MEDIUMopencc JFlow Workflow WF_Admin_AttrFlow.java Imp_Done xml external entity referenceEPSS 0.3%CVE-2025-15251MEDIUMbeecue FastBee SIP Message ReqAbstractHandler.java getRootElement xml external entity referenceEPSS 0.3%