Common Weakness Enumeration

CWE-669

Allowed-with-Review

Incorrect Resource Transfer Between Spheres

Abstraction: Class · Status: Draft

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

144 vulnerabilities reference this CWE, most recent first.

GHSA-VM8X-Q73P-RMC7

Vulnerability from github – Published: 2025-09-14 06:30 – Updated: 2025-09-14 06:30
VLAI
Details

In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 (even though this secret should only be returned when an App is first created),

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59363"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-14T05:15:31Z",
    "severity": "HIGH"
  },
  "details": "In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 (even though this secret should only be returned when an App is first created),",
  "id": "GHSA-vm8x-q73p-rmc7",
  "modified": "2025-09-14T06:30:20Z",
  "published": "2025-09-14T06:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59363"
    },
    {
      "type": "WEB",
      "url": "https://onelogin.service-now.com/support?id=kb_article\u0026sys_id=b0aad1e11bd3ea109a47ec29b04bcb72\u0026kb_category=a0d76d70db185340d5505eea4b96199f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VW9M-6VFH-43XF

Vulnerability from github – Published: 2026-04-28 15:30 – Updated: 2026-04-28 15:30
VLAI
Details

mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remote network resource. Alternatively, it is possible to use a previously uploaded file and change its reference. When the application processes the attachment, and a user tries to open it, the referenced resource is executed by the system. Critically, this vulnerability can be exploited by any unauthenticated attacker by chaining it with CVE-2026-40550 and CVE-2026-40551, which allows obtaining database access, and logging onto any account.

This issue affects mpGabinet version 23.12.19 and below.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-40552"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-28T14:16:13Z",
    "severity": "MODERATE"
  },
  "details": "mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remote network resource. Alternatively, it is possible to use a previously uploaded file and change its reference. When the application processes the attachment, and a user tries to open it, the referenced resource is executed by the system.\nCritically, this vulnerability can be exploited by any unauthenticated attacker by chaining it with CVE-2026-40550 and CVE-2026-40551, which allows obtaining database access, and logging onto any account.\n\nThis issue affects mpGabinet version 23.12.19 and below.",
  "id": "GHSA-vw9m-6vfh-43xf",
  "modified": "2026-04-28T15:30:50Z",
  "published": "2026-04-28T15:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40552"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/posts/2026/04/CVE-2026-40550"
    },
    {
      "type": "WEB",
      "url": "https://www.mpgabinet.pl"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VXG2-HHGR-37FX

Vulnerability from github – Published: 2026-04-03 06:31 – Updated: 2026-04-04 06:53
VLAI
Summary
Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
Details

An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "roundcube/roundcubemail"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.7-beta"
            },
            {
              "fixed": "1.7-rc5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-35540"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669",
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-04T06:53:55Z",
    "nvd_published_at": "2026-04-03T05:16:22Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts.",
  "id": "GHSA-vxg2-hhgr-37fx",
  "modified": "2026-04-04T06:53:55Z",
  "published": "2026-04-03T06:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35540"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/commit/27ec6cc9cb25e1ef8b4d4ef39ce76d619caa6870"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/commit/579b68eff90650a5c782e153debd66c765648942"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/roundcube/roundcubemail"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"
    },
    {
      "type": "WEB",
      "url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages"
}

GHSA-W846-74JR-76CV

Vulnerability from github – Published: 2026-04-03 06:31 – Updated: 2026-04-04 06:58
VLAI
Summary
Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message
Details

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "roundcube/roundcubemail"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.7-beta"
            },
            {
              "fixed": "1.7-rc5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-35545"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-04T06:58:03Z",
    "nvd_published_at": "2026-04-03T05:16:22Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke.",
  "id": "GHSA-w846-74jr-76cv",
  "modified": "2026-04-04T06:58:03Z",
  "published": "2026-04-03T06:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35545"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/commit/7ad62de184368bf42c0f522d1aacc030f5ddcc46"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/commit/9d18d524f3cc211003fc99e2e54eed09a2f3da88"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/commit/fe1320b199d3a2f58351bb699c9ed4316e73221b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/roundcube/roundcubemail"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.15"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.15"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc6"
    },
    {
      "type": "WEB",
      "url": "https://roundcube.net/news/2026/03/29/security-updates-1.7-rc6-1.6.15-1.5.15"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message"
}

GHSA-W9W7-WHQ2-RR8H

Vulnerability from github – Published: 2025-09-19 00:30 – Updated: 2025-09-19 00:30
VLAI
Details

PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi reconnect or system resume. In the CLI client, the VPN auto-reconnects and claims to be connected, but IPv6 traffic is no longer routed or blocked. In the GUI client, the IPv6 connection remains functional after disconnection until the user clicks Reconnect. In both cases, the real IPv6 address is exposed to external services, violating user privacy and defeating the advertised IPv6 leak protection. This affects CLI 2.0.1 and GUI 2.10.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59691"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T23:15:34Z",
    "severity": "LOW"
  },
  "details": "PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi reconnect or system resume. In the CLI client, the VPN auto-reconnects and claims to be connected, but IPv6 traffic is no longer routed or blocked. In the GUI client, the IPv6 connection remains functional after disconnection until the user clicks Reconnect. In both cases, the real IPv6 address is exposed to external services, violating user privacy and defeating the advertised IPv6 leak protection. This affects CLI 2.0.1 and GUI 2.10.0.",
  "id": "GHSA-w9w7-whq2-rr8h",
  "modified": "2025-09-19T00:30:58Z",
  "published": "2025-09-19T00:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59691"
    },
    {
      "type": "WEB",
      "url": "https://anagogistis.com/posts/purevpn-ipv6-leak"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WW5C-H42X-MC5X

Vulnerability from github – Published: 2025-10-22 06:31 – Updated: 2025-10-22 06:31
VLAI
Details

Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-62775"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-22T04:16:09Z",
    "severity": "HIGH"
  },
  "details": "Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password.",
  "id": "GHSA-ww5c-h42x-mc5x",
  "modified": "2025-10-22T06:31:11Z",
  "published": "2025-10-22T06:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62775"
    },
    {
      "type": "WEB",
      "url": "https://blog.nullvoid.me/posts/mercku-exploits"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2025/Oct/10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X239-HF9W-JV5X

Vulnerability from github – Published: 2022-05-24 17:06 – Updated: 2022-05-24 17:06
VLAI
Details

V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-6862"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-17T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code.",
  "id": "GHSA-x239-hf9w-jv5x",
  "modified": "2022-05-24T17:06:54Z",
  "published": "2022-05-24T17:06:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6862"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/159135/ZTE-F602W-CAPTCHA-Bypass.html"
    },
    {
      "type": "WEB",
      "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012162"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X24J-87X9-JVV5

Vulnerability from github – Published: 2021-11-03 17:34 – Updated: 2022-08-11 22:06
VLAI
Summary
Publify `guest` role users can self-register even when the admin does not allow it
Details

In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. guest role users can self-register even when the admin does not allow it. This happens due to front-end restriction only.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "publify_core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0.pre1"
            },
            {
              "fixed": "9.2.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-25973"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285",
      "CWE-669",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-03T14:44:37Z",
    "nvd_published_at": "2021-11-02T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. `guest` role users can self-register even when the admin does not allow it. This happens due to front-end restriction only.",
  "id": "GHSA-x24j-87x9-jvv5",
  "modified": "2022-08-11T22:06:27Z",
  "published": "2021-11-03T17:34:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25973"
    },
    {
      "type": "WEB",
      "url": "https://github.com/publify/publify/commit/3447e0241e921b65f6eb1090453d8ea73e98387e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/publify/publify"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/publify_core/CVE-2021-25973.yml"
    },
    {
      "type": "WEB",
      "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25973"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Publify `guest` role users can self-register even when the admin does not allow it"
}

GHSA-X6H4-J5WH-G8PG

Vulnerability from github – Published: 2023-10-11 12:30 – Updated: 2024-04-04 08:33
VLAI
Details

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-44104"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-11T12:15:11Z",
    "severity": "HIGH"
  },
  "details": "Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.",
  "id": "GHSA-x6h4-j5wh-g8pg",
  "modified": "2024-04-04T08:33:48Z",
  "published": "2023-10-11T12:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44104"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2023/10"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X88J-4P5J-6442

Vulnerability from github – Published: 2022-09-01 00:00 – Updated: 2022-09-08 00:00
VLAI
Details

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-31233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-31T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.",
  "id": "GHSA-x88j-4p5j-6442",
  "modified": "2022-09-08T00:00:32Z",
  "published": "2022-09-01T00:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31233"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/000200975"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.