CWE-610 · Externally Controlled Reference to a Resource in Another Sphere

233 CVEs classified under CWE-610 (Externally Controlled Reference to a Resource in Another Sphere). Browse by severity and year.

Top CVEs for CWE-610
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2022-27593 | Critical | 10.0 | 2022-09-08 | An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an at… |
| CVE-2019-7290 | Critical | 10.0 | 2019-12-18 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to circumve… |
| CVE-2017-16088 | Critical | 10.0 | 2018-06-07 | The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard… |
| CVE-2022-39206 | Critical | 9.9 | 2022-09-13 | Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on… |
| CVE-2026-47643 | Critical | 9.8 | 2026-06-09 | External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network. |
| CVE-2025-22144 | Critical | 9.8 | 2025-01-13 | NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can vali… |
| CVE-2022-20239 | Critical | 9.8 | 2022-08-10 | remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by u… |
| CVE-2021-44041 | Critical | 9.8 | 2021-12-14 | UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-a… |
| CVE-2021-43685 | Critical | 9.8 | 2021-12-01 | libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php… |
| CVE-2020-14057 | Critical | 9.8 | 2020-07-01 | Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allow… |
| CVE-2020-9752 | Critical | 9.8 | 2020-03-23 | Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe. |
| CVE-2026-30903 | Critical | 9.6 | 2026-03-11 | External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation… |
| CVE-2024-5823 | Critical | 9.1 | 2024-10-29 | A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to… |
| CVE-2024-32980 | Critical | 9.1 | 2024-05-08 | Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applicati… |
| CVE-2021-41244 | Critical | 9.1 | 2021-11-15 | Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and ther… |
| CVE-2021-27648 | Critical | 9.0 | 2021-04-28 | Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote aut… |
| CVE-2024-42168 | High | 8.9 | 2025-01-11 | HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then ind… |
| CVE-2026-57301 | High | 8.8 | 2026-06-24 | Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Con… |
| CVE-2026-40370 | High | 8.8 | 2026-05-12 | External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. |
| CVE-2026-0522 | High | 8.8 | 2026-04-01 | A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the… |