CWE-706 · Use of Incorrectly-Resolved Name or Reference
45 CVEs classified under CWE-706 (Use of Incorrectly-Resolved Name or Reference). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-35198 | Critical | 9.8 | 2024-07-18 | TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe's check on allowed_urls configuration can be by… |
| CVE-2026-35039 | Critical | 9.1 | 2026-04-06 | fast-jwt provides fast JSON Web Token (JWT) implementation. From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuilder method which does not properly crea… |
| CVE-2026-35666 | High | 8.8 | 2026-04-10 | OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass… |
| CVE-2021-37214 | High | 8.8 | 2021-08-09 | The employee management page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attac… |
| CVE-2026-40912 | High | 8.2 | 2026-04-30 | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerabi… |
| CVE-2024-27295 | High | 8.2 | 2024-03-01 | Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to recei… |
| CVE-2026-25890 | High | 8.1 | 2026-02-09 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.5… |
| CVE-2023-42125 | High | 7.8 | 2024-05-03 | Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges o… |
| CVE-2025-58362 | High | 7.5 | 2025-09-04 | Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility functi… |
| CVE-2024-27292 | High | 7.5 | 2024-02-29 | Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on t… |
| CVE-2022-31089 | High | 7.5 | 2022-06-27 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files req… |
| CVE-2023-42451 | High | 7.4 | 2023-09-19 | Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2, under certain circumstances… |
| CVE-2025-30357 | High | 7.3 | 2025-04-18 | NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments o… |
| CVE-2020-26233 | High | 7.3 | 2020-12-08 | Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core befo… |
| CVE-2022-28198 | Medium | 6.6 | 2022-04-29 | NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbi… |
| CVE-2026-45306 | Medium | 6.5 | 2026-05-28 | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storage_folder inside… |
| CVE-2025-62378 | Medium | 6.1 | 2025-10-15 | CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11, a logic flaw exists in the message command h… |
| CVE-2026-30856 | Medium | 5.9 | 2026-03-07 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool na… |
| CVE-2024-52515 | Medium | 5.7 | 2024-11-15 | Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a mani… |
| CVE-2023-28643 | Medium | 5.5 | 2023-03-30 | Nextcloud server is an open source home cloud implementation. In affected versions when a recipient receives 2 shares with the same name, while a memory cache… |