33 matches found
EUVD-2022-27875
Malicious code in bioql PyPI...
EUVD-2023-31702
Malicious code in bioql PyPI...
EUVD-2022-35601
Malicious code in bioql PyPI...
CVE-2025-6788
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML diagrams...
PT-2025-29227 · Apache · Apache Tgml
Name of the Vulnerable Software and Affected Versions: Apache TGML versions affected versions not specified Description: A CWE-668: Exposure of Resource to Wrong Sphere issue exists, exposing TGML diagram resources to an incorrect control sphere. This allows other authenticated users to potential...
CVE-2024-5313
CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH interface over the product network interface. This does not allow to directly exploit the product or make any unintended operation as the SSH interface access is protected by an authentication mechanism. Impact...
CVE-2022-32530
A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile...
CVE-2024-5313
CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH interface over the product network interface. This does not allow to directly exploit the product or make any unintended operation as the SSH interface access is protected by an authentication mechanism. Impact...
CVE-2024-5313
CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH interface over the product network interface. This does not allow to directly exploit the product or make any unintended operation as the SSH interface access is protected by an authentication mechanism. Impact...
CVE-2024-5313
CVE-2024-5313 is associated with Schneider Electric EVlink Home Smart chargers. Public sources describe a CWE-668 “Exposure of the Resource Wrong Sphere” issue where an SSH interface is exposed on the product network interface. Affected versions include EVlink Home Smart v2.0.4.1.2_131 and v2.0.3...
CVE-2023-49345
Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false...
CVE-2023-49342
Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false...
CVE-2023-49346
Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false...
CVE-2023-27976
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert V15.1 and above...
Remote code execution
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert V15.1 and above...
CVE-2023-27976
CVE-2023-27976 concerns Schneider Electric EcoStruxure Control Expert (V15.1 and above). The vulnerability is described as CWE-668: Exposure of Resource to Wrong Sphere, where a resource is exposed to the wrong field/sphere, enabling remote code execution when a valid user visits a malicious link...
CVE-2023-27976
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert V15.1 and above...
CVE-2023-27976
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert V15.1 and above...
CVE-2022-22732
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources data supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission Versions pri...
CVE-2022-22732
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources data supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission Versions pri...