CWE-610

Total CVEs: 47
Critical: 4
High: 27
Avg CVSS: 7.2

Yearly Trend

2026: 5
2025: 19
2024: 6
2023: 3
2022: 5

Top Affected Vendors

1. Google: 12
2. Jinher: 5
3. Acronis: 2
4. Rockwell Automation: 2
5. HashiCorp: 2
6. Zhangyanbo2007: 1
7. R1bbit: 1
8. Metabase: 1
9. Fortinet: 1
10. Synology: 1

All CWE-610 CVEs (47)

CVE-2025-22144
9.8

This vulnerability in NamelessMC allows attackers with admincp.core.emails or admincp.users.edit permissions to reset user passwords and take over acc...

Jan 13, 2025
CVE-2021-44041
9.8

This vulnerability in UiPath Assistant allows attackers to execute arbitrary code or capture NTLM credentials by tricking users into clicking maliciou...

Dec 14, 2021
CVE-2021-41244
9.1

This vulnerability in Grafana allows organization administrators to access and modify users in other organizations when fine-grained access control is...

Nov 15, 2021
CVE-2021-27648
9.0

This vulnerability in Synology Antivirus Essential allows remote authenticated users to escalate privileges by exploiting an externally controlled ref...

Apr 28, 2021
CVE-2024-42168
8.9

HCL MyXalytics has an out-of-band resource load vulnerability where attackers can host malicious web content and trick the application into fetching a...

Jan 11, 2025
CVE-2025-9065
8.8

This CVE describes a server-side request forgery (SSRF) vulnerability in Rockwell Automation ThinManager software where authenticated attackers can fo...

Sep 9, 2025
CVE-2021-43844
8.8

MSEdgeRedirect versions before 0.5.0.1 are vulnerable to remote code execution via crafted URLs that bypass URL validation. Attackers can execute mali...

Dec 20, 2021
CVE-2022-24854
8.0

This vulnerability in Metabase allows attackers with SQL permissions on one SQLite database to attach and query across multiple SQLite databases if th...

Apr 14, 2022
CVE-2024-31319
7.8

This Android vulnerability allows a malicious app to leak data between user profiles on the same device due to a confused deputy flaw in the notificat...

Jul 9, 2024
CVE-2023-44209
7.8

This vulnerability allows local attackers to escalate privileges by exploiting improper handling of symbolic links in Acronis Agent. Attackers with lo...

Oct 4, 2023
CVE-2022-46869
7.8

This vulnerability allows local attackers to escalate privileges during installation of Acronis Cyber Protect Home Office on Windows systems. Attacker...

Aug 31, 2023
CVE-2023-22616
7.8

This vulnerability in Insyde InsydeH2O UEFI firmware allows attackers to corrupt System Management RAM (SMRAM) due to insufficient validation of save ...

Apr 12, 2023
CVE-2021-39787
7.8

This vulnerability in Android's SystemUI allows attackers to launch arbitrary activities through a confused deputy attack, potentially leading to loca...

Mar 30, 2022
CVE-2021-39668
7.8

This vulnerability allows local privilege escalation on Android devices through an intent redirection flaw in the System UI. An attacker could trick t...

Feb 11, 2022
CVE-2021-39626
7.8

This vulnerability allows local attackers to bypass Bluetooth permission checks in Android's settings interface, potentially gaining elevated privileg...

Jan 14, 2022
CVE-2021-0708
7.8

CVE-2021-0708 is a local privilege escalation vulnerability in Android's ActivityManagerShellCommand that allows attackers to delete system files with...

Oct 22, 2021
CVE-2021-0536
7.8

This vulnerability in Android's WiFiInstaller allows a malicious app to delete files accessible to CertInstaller due to a confused deputy attack. It e...

Jun 22, 2021
CVE-2021-0550
7.8

This vulnerability allows malicious apps to gain WRITE_EXTERNAL_STORAGE permissions without user consent through a confused deputy attack in Android's...

Jun 22, 2021
CVE-2024-6717
7.7

This vulnerability allows attackers to escape the intended directory structure during archive unpacking in Nomad migrations, potentially writing files...

Jul 23, 2024
CVE-2025-2875
7.5

This vulnerability allows unauthenticated attackers to manipulate a controller's webserver URL to access resources they shouldn't have access to, pote...

May 14, 2025
CVE-2022-24241
7.5

ACEweb Online Portal 3.5.065 contains a path traversal vulnerability in the txtFilePath parameter of attachments.awp that allows attackers to read arb...

Jun 2, 2022
CVE-2026-28721
7.3

This CVE describes a local privilege escalation vulnerability in Acronis Cyber Protect 17 for Windows due to improper handling of symbolic links. Atta...

Mar 6, 2026
CVE-2026-28722
7.3

This CVE describes a local privilege escalation vulnerability in Acronis Cyber Protect 17 for Windows due to improper handling of symbolic links. An a...

Mar 6, 2026
CVE-2025-11140
7.3

This vulnerability allows remote attackers to execute XML External Entity (XXE) attacks against Bjskzy Zhiyou ERP systems up to version 11.0. By manip...

Sep 29, 2025
CVE-2025-10816
7.3

This is an XML External Entity (XXE) vulnerability in Jinher OA 2.0 that allows remote attackers to read arbitrary files from the server or potentiall...

Sep 22, 2025
CVE-2025-10092
7.3

This CVE describes an XML External Entity (XXE) vulnerability in Jinher OA software up to version 1.2. Attackers can exploit this to read sensitive fi...

Sep 8, 2025
CVE-2025-10091
7.3

This vulnerability in Jinher OA allows attackers to perform XML External Entity (XXE) attacks through the XML Handler component. Remote exploitation c...

Sep 8, 2025
CVE-2025-7823
7.3

This vulnerability in Jinher OA 1.2 allows remote attackers to perform XML External Entity (XXE) attacks via the ProjectScheduleDelete.aspx file. This...

Jul 19, 2025
CVE-2025-7523
7.3

This vulnerability in Jinher OA 1.0 allows attackers to perform XML External Entity (XXE) attacks through the /c6/Jhsoft.Web.message/ToolBar/DelTemp.a...

Jul 13, 2025
CVE-2021-0591
7.3

This vulnerability allows a malicious app on an Android device to send privileged broadcast intents, potentially gaining elevated permissions. It affe...

Aug 17, 2021
CVE-2021-27183
7.2

This vulnerability in MDaemon email server allows administrators with Remote Administration access to write arbitrary files anywhere on the filesystem...

Apr 14, 2021
CVE-2024-45826
6.8

CVE-2024-45826 is a path traversal and remote code execution vulnerability in ThinManager® that allows attackers to install executable files via craf...

Sep 12, 2024
CVE-2025-48598
6.6

This vulnerability allows an attacker to modify the primary user's face unlock settings without authentication through a confused deputy attack. It af...

Dec 8, 2025
CVE-2024-28962
6.5

Dell Command | Update, Dell Update, and Alienware Update UWP applications contain an exposed dangerous method vulnerability in versions prior to 5.4. ...

Aug 6, 2024
CVE-2026-2536
6.3

This vulnerability in opencc JFlow's workflow engine allows XML External Entity (XXE) attacks through manipulation of file arguments. Attackers can re...

Feb 16, 2026
CVE-2026-2074
6.3

This XXE vulnerability in O2OA allows attackers to read arbitrary files from the server by sending specially crafted XML payloads to the vulnerable en...

Feb 7, 2026
CVE-2025-13209
6.3

This CVE describes an XML External Entity (XXE) vulnerability in bestfeng oa_git_free software up to version 9.5. Attackers can exploit this remotely ...

Nov 15, 2025
CVE-2025-3241
6.3

This XXE vulnerability in YoukeFu allows attackers to read arbitrary files from the server by exploiting XML parsing in the call center router compone...

Apr 4, 2025
CVE-2025-2365
6.3

This vulnerability allows remote attackers to perform XML External Entity (XXE) attacks through the webHook function in crmeb_java's WeChatMessageCont...

Mar 17, 2025
CVE-2025-1225
6.3

This XXE vulnerability in ywoa's WXCallBack Interface allows attackers to read arbitrary files from the server by exploiting XML parsing. It affects a...

Feb 12, 2025
CVE-2024-7625
5.8

This vulnerability allows an attacker with access to a Nomad client agent to write files outside the intended allocation directory during archive unpa...

Aug 15, 2024
CVE-2024-49728
5.5

This vulnerability allows a malicious app on an Android device to access media files from other user profiles without permission. It affects Android d...

Sep 2, 2025
CVE-2025-0082
5.5

This Android vulnerability allows one user's images to be accessed by another user through confused deputy attacks in StatusHint.java and TelecomServi...

Aug 26, 2025
CVE-2026-3404
5.0

This CVE describes an XML External Entity (XXE) vulnerability in thinkgem JeeSite's CAS authentication component. Attackers can exploit this flaw to r...

Mar 2, 2026
CVE-2024-29069
4.8

A symbolic link vulnerability in snapd versions before 2.62 allows attackers to write privileged information to world-readable directories. Attackers ...

Jul 25, 2024
CVE-2022-23439
4.7

This vulnerability allows attackers to poison web caches by sending crafted HTTP requests with malicious Host headers to Fortinet devices. Attackers c...

Jan 22, 2025
CVE-2025-26417
4.0

This vulnerability allows malicious apps to bypass user consent checks when accessing files in shared storage on Android devices. It enables local inf...

Aug 26, 2025

About CWE-610

Our database tracks 47 CVEs classified as CWE-610, with 4 rated critical and 27 rated high severity. The average CVSS score for CWE-610 vulnerabilities is 7.2.
