CWE-403 · Exposure of File Descriptor to Unintended Control Sphere (File Descriptor Leak)
4 CVEs classified under CWE-403 (Exposure of File Descriptor to Unintended Control Sphere (File Descriptor Leak)). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-40042 | Critical | 9.8 | 2026-04-13 | Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML par… |
| CVE-2025-15114 | Critical | 9.8 | 2025-12-30 | Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML fil… |
| CVE-2024-21626 | High | 8.6 | 2024-01-31 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descrip… |
| CVE-2024-58280 | | | 2025-12-10 | CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. A… |