CWE-668 · Exposure of Resource to Wrong Sphere
720 CVEs classified under CWE-668 (Exposure of Resource to Wrong Sphere). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-25725 | Critical | 10.0 | 2026-02-06 | Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.js… |
| CVE-2025-2857 | Critical | 10.0 | 2025-03-27 | Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child proces… |
| CVE-2019-8779 | Critical | 10.0 | 2019-12-18 | A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS… |
| CVE-2022-43684 | Critical | 9.9 | 2023-06-13 | ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality. Additional Details … |
| CVE-2022-24900 | Critical | 9.9 | 2022-04-29 | Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to… |
| CVE-2019-16541 | Critical | 9.9 | 2019-11-21 | Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use crede… |
| CVE-2026-45411 | Critical | 9.8 | 2026-05-13 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield* expression inside an async generator… |
| CVE-2026-44009 | Critical | 9.8 | 2026-05-13 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2. |
| CVE-2026-44008 | Critical | 9.8 | 2026-05-13 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new method neutralizeArraySpeciesBatch works with objects from the other side but can call i… |
| CVE-2026-20160 | Critical | 9.8 | 2026-04-01 | A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the unde… |
| CVE-2025-15114 | Critical | 9.8 | 2025-12-30 | Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML fil… |
| CVE-2025-55583 | Critical | 9.8 | 2025-08-28 | D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The endp… |
| CVE-2024-5660 | Critical | 9.8 | 2024-12-10 | Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cor… |
| CVE-2024-25153 | Critical | 9.8 | 2024-03-13 | A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ director… |
| CVE-2023-45911 | Critical | 9.8 | 2023-10-18 | An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers to login as any user without a password. |
| CVE-2022-39952 | Critical | 9.8 | 2023-02-16 | An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7… |
| CVE-2022-48198 | Critical | 9.8 | 2023-01-01 | The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows attackers, who control the source code of a different node… |
| CVE-2022-32221 | Critical | 9.8 | 2022-12-05 | When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIEL… |
| CVE-2022-26869 | Critical | 9.8 | 2022-06-02 | Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vul… |
| CVE-2022-24074 | Critical | 9.8 | 2022-03-17 | Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lea… |