Reddit NetSec

AlienVault OTX General

CVE Database V5

Reddit InfoSec News

Exploit-DB RSS Feed

ThreatFox MISP Feed

CIRCL OSINT Feed

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. In versions prior to 3.24.0, there is a potential data leak when duplicating a duplicated context. Quarkus extensively uses the Vert.x duplicated context to implement context propagation. With the new semantic data from one transaction can leak to the data from another transaction. From a Vert.x point of view, this new semantic clarifies the behavior. A significant amount of data is stored in the duplicated context, including request scope, security details, and metadata. Duplicating a duplicated context is rather rare and is only done in a few places. This issue has been patched in version 3.24.0.

CVE-2025-49574 is a medium-severity vulnerability affecting versions of the Quarkus framework prior to 3.24.0. Quarkus is a cloud-native, container-first Java framework widely used for building microservices and serverless applications, particularly in Linux container environments. The vulnerability stems from improper handling of duplicated contexts within Vert.x, a reactive toolkit Quarkus leverages for asynchronous programming and context propagation. Specifically, when a duplicated context is duplicated again—a rare but supported operation—sensitive data such as request-scoped information, security credentials, and metadata can leak between transactions. This results in exposure of data to an unintended scope or "wrong sphere," classified under CWE-668. The vulnerability does not require user interaction but does require low privileges and remote access (AV:A, PR:L, UI:N). The CVSS 3.1 score is 6.4, reflecting high impact on confidentiality and integrity but no impact on availability. The issue has been addressed in Quarkus version 3.24.0. No known exploits are currently reported in the wild. The vulnerability could lead to unauthorized disclosure of sensitive information between concurrent transactions, potentially compromising user data, session integrity, or security context isolation in multi-tenant or multi-user environments. Given Quarkus's growing adoption in cloud-native Java applications, this vulnerability poses a risk to organizations relying on affected versions for critical services.

Detailed information about CVE-2025-49574: CWE-668: Exposure of Resource to Wrong Sphere in quarkusio quarkus affecting quarkusio quarkus. Get real-time updates

CVE-2025-49574: CWE-668: Exposure of Resource to Wrong Sphere in quarkusio quarkus - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-49574: CWE-668: Exposure of Resource to Wrong Sphere in quarkusio quarkus

An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions.

In an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it's received in the wrong RI context.

This issue affects Juniper Networks Junos OS on MX Series:



  *  All versions earlier than 20.4R3-S9;
  *  21.2 versions earlier than 21.2R3-S3;
  *  21.4 versions earlier than 21.4R3-S5;
  *  22.1 versions earlier than 22.1R3;
  *  22.2 versions earlier than 22.2R3;
  *  22.3 versions earlier than 22.3R2.

CVE-2024-21597 is a medium-severity vulnerability identified in the Packet Forwarding Engine (PFE) component of Juniper Networks Junos OS running on MX Series routers. This vulnerability is classified under CWE-668, which involves the exposure of resources to the wrong sphere, meaning that access controls intended to restrict resource access are bypassed. Specifically, in environments configured with Abstracted Fabric (AF) and routing-instances (RI), certain valid traffic destined for the device can bypass the configured lo0 firewall filters because it is received in an incorrect routing-instance context. This flaw allows an unauthenticated, network-based attacker to circumvent intended access restrictions without requiring any user interaction or prior authentication. The vulnerability affects multiple versions of Junos OS, including all versions earlier than 20.4R3-S9, 21.2 versions earlier than 21.2R3-S3, 21.4 versions earlier than 21.4R3-S5, 22.1 versions earlier than 22.1R3, 22.2 versions earlier than 22.2R3, and 22.3 versions earlier than 22.3R2. The core issue arises from how the PFE processes traffic in the presence of routing-instances within an Abstracted Fabric setup, leading to traffic being handled in the wrong RI context and thus bypassing firewall filters applied on the loopback interface (lo0). The vulnerability has a CVSS v3.1 base score of 5.3, indicating a medium severity level, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality (C:N), limited impact on integrity (I:L), and no impact on availability (A:N). There are no known exploits in the wild at the time of publication, and no patches are linked in the provided information, though Juniper Networks likely has released or will release updates to address this issue. This vulnerability primarily impacts network security by allowing unauthorized traffic to bypass firewall rules, potentially enabling attackers to inject or manipulate traffic that should have been blocked or filtered, thereby undermining network segmentation and security policies.

Detailed information about CVE-2024-21597: CWE-668 Exposure of Resource to Wrong Sphere in Juniper Networks Junos OS affecting Juniper Networks Junos OS. Get re

CVE-2024-21597: CWE-668 Exposure of Resource to Wrong Sphere in Juniper Networks Junos OS - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-21597: CWE-668 Exposure of Resource to Wrong Sphere in Juniper Networks Junos OS

Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.

CVE-2024-51754 is a vulnerability in Twig, a widely used PHP templating engine, specifically affecting its sandbox security mechanism. Twig allows developers to safely render templates by restricting certain operations in a sandboxed environment. However, this vulnerability arises because an attacker can invoke the magic method __toString() on an object even if the security policy explicitly disallows this method. This occurs when the object is part of an array or passed as an argument to a function or filter within the template. The __toString() method in PHP is used to convert an object to a string representation, and unauthorized invocation can lead to unintended information disclosure or manipulation of template rendering behavior. The flaw is present in Twig versions prior to 3.11.2 and between 3.12.0 and before 3.14.1. It has been patched in versions 3.11.2 and 3.14.1. No known workarounds exist, so upgrading is the only effective mitigation. The vulnerability is classified under CWE-668, which refers to exposure of resources to the wrong sphere, meaning that the sandbox boundary intended to isolate certain operations is bypassed. The CVSS v3.1 base score is 2.2, indicating a low severity level, with the vector showing network attack vector, high attack complexity, requiring privileges, no user interaction, unchanged scope, and low confidentiality impact. There are no known exploits in the wild at this time. The vulnerability primarily affects the confidentiality aspect by potentially exposing object data through unintended __toString() calls, but does not impact integrity or availability. Exploitation requires privileges (i.e., the attacker must have some level of access to the system or application using Twig) and is complex due to the need to craft specific template inputs that trigger the vulnerability within the sandbox context.

Detailed information about CVE-2024-51754: CWE-668: Exposure of Resource to Wrong Sphere in twigphp Twig affecting twigphp Twig. Get real-time updates, technica

CVE-2024-51754: CWE-668: Exposure of Resource to Wrong Sphere in twigphp Twig - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-51754: CWE-668: Exposure of Resource to Wrong Sphere in twigphp Twig

The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no known workarounds for this issue.

CVE-2020-26272 is a vulnerability in the Electron framework, which is widely used to build cross-platform desktop applications using web technologies such as JavaScript, HTML, and CSS. Specifically, this flaw affects the Inter-Process Communication (IPC) mechanism within Electron versions prior to 9.4.0, 10.2.0, and 11.1.0. The vulnerability arises when messages sent from the main process to a subframe in the renderer process—via methods like webContents.sendToFrame, event.reply, or the remote module—can be incorrectly delivered to an unintended frame. This misrouting of IPC messages constitutes an exposure of resources to the wrong sphere (CWE-668), potentially allowing data leakage or unauthorized access between different frames or contexts within the application. Applications that utilize the remote module or invoke webContents.sendToFrame or event.reply in IPC handlers are susceptible. The issue has been addressed in Electron versions 9.4.0, 10.2.0, 11.1.0, and later. No known workarounds exist, so upgrading to a patched version is essential. The vulnerability has a CVSS v3.1 base score of 5.4 (medium severity), reflecting a network attack vector with high attack complexity, no privileges required, no user interaction, and a scope change. The impact is limited to low confidentiality and integrity loss without affecting availability. No known exploits have been reported in the wild to date.

Detailed information about CVE-2020-26272: CWE-668: Exposure of Resource to Wrong Sphere in electron electron affecting electron electron. Get real-time updates

CVE-2020-26272: CWE-668: Exposure of Resource to Wrong Sphere in electron electron - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2020-26272: CWE-668: Exposure of Resource to Wrong Sphere in electron electron

Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.

CVE-2023-49345 is a medium severity vulnerability identified in the Budgie Extras Takeabreak applet, part of the Ubuntu Budgie desktop environment, specifically affecting version 1.4.0. The vulnerability arises from the way temporary data is handled and stored between application components. This data is written to a location on the local filesystem that is accessible to any user with local access to the system. Because of this, an attacker with local privileges can pre-create or manipulate the temporary file used by the Takeabreak applet. This manipulation can lead to presenting false information to legitimate users or denying access to the application and its panel, effectively causing a denial of service or misleading the user interface. The vulnerability is categorized under CWE-668 (Exposure of Resource to Wrong Sphere) and CWE-377 (Insecure Temporary File), indicating improper handling of temporary resources that can be accessed or controlled by unauthorized users. The CVSS 3.1 base score is 6.0, reflecting a medium severity level. The vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H indicates that the attack requires local access (AV:L), low attack complexity (AC:L), and high privileges (PR:H), with no user interaction (UI:N). The impact affects integrity and availability but not confidentiality. No known exploits are currently reported in the wild, and no patches have been linked yet. This vulnerability primarily affects local users with elevated privileges who can manipulate the temporary files used by the applet, potentially disrupting user experience or causing denial of service within the Ubuntu Budgie environment.

Detailed information about CVE-2023-49345: CWE-668 in Ubuntu Budgie Budgie Extras affecting Ubuntu Budgie Budgie Extras. Get real-time updates, technical detail

CVE-2023-49345: CWE-668 in Ubuntu Budgie Budgie Extras - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2023-49345: CWE-668 in Ubuntu Budgie Budgie Extras

Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web interface.

CVE-2022-38599 is a medium-severity information disclosure vulnerability affecting specific versions of Teleport, namely v3.2.2, v3.5.6-rc6, and v3.6.3-b2. Teleport is a widely used open-source tool that provides secure access to infrastructure such as SSH servers, Kubernetes clusters, and internal web applications. The vulnerability arises from an information leak via the /user/get-role-list web interface endpoint. This endpoint, when accessed, improperly exposes sensitive role-related information that should be restricted. The vulnerability is classified under CWE-668 (Exposure of Resource to Wrong Sphere), indicating that the system exposes resources or information to unauthorized parties due to improper access control or validation. According to the CVSS v3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), the attack vector is network-based, requires low attack complexity, and requires privileges (PR:L) but no user interaction. The impact is high on confidentiality, with no impact on integrity or availability. No known exploits are currently reported in the wild, and no official patches or vendor advisories are linked in the provided data. The vulnerability allows an authenticated user with some privileges to retrieve sensitive role information, which could facilitate further privilege escalation or targeted attacks within the affected infrastructure. Given the nature of Teleport as a critical access management tool, leaking role information can undermine security policies and expose organizational access structures to adversaries.

Detailed information about CVE-2022-38599: n/a in n/a affecting n/a n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2022-38599: n/a in n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2022-38599: n/a in n/a

PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report.

CVE-2022-38813 is a high-severity vulnerability affecting the PHPGurukul Blood Donor Management System version 1.0. The core issue lies in improper access control on the admin/dashboard.php page, which fails to restrict unauthorized users from accessing administrative functionalities. This flaw allows attackers with at least some level of privileges (as indicated by the CVSS vector requiring PR:L, meaning low privileges) to bypass intended access restrictions and gain full administrative control over the system. Specifically, an attacker can view all user data, delete user records, add and manage blood group information, and submit reports. The vulnerability is classified under CWE-668, which relates to improper access control, emphasizing the failure to enforce proper authorization checks. The CVSS 3.1 base score of 8.1 reflects the high impact on confidentiality and integrity, with no impact on availability. The attack vector is network-based (AV:N), requiring no user interaction (UI:N), and the scope remains unchanged (S:U). Although no known exploits are currently reported in the wild, the vulnerability presents a significant risk due to the sensitive nature of the data involved and the administrative privileges that can be gained. The lack of vendor or product-specific details suggests this is a niche or less widely known system, but the impact on any deployed instance is critical due to the sensitive health-related data and operational control exposed.

Detailed information about CVE-2022-38813: n/a in n/a affecting n/a n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2022-38813: n/a in n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2022-38813: n/a in n/a

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.

CVE-2022-3866 is a medium-severity vulnerability affecting HashiCorp Nomad and Nomad Enterprise versions 1.4.0 and 1.4.1. The issue arises from improper access control in the workload identity token mechanism, which allows a token to list non-sensitive metadata for paths under the 'nomad/' prefix that belong to other jobs within the same namespace. This vulnerability is classified under CWE-668, indicating an exposure of resources to an incorrect sphere, meaning that information intended to be isolated per job is inadvertently accessible to other jobs sharing the same namespace. The vulnerability does not expose sensitive data but allows enumeration of metadata that could aid an attacker in understanding the environment or planning further attacks. Exploitation requires network access (AV:N) and low attack complexity (AC:L), but does require privileges (PR:L) in the form of a workload identity token associated with a job in the namespace. No user interaction is needed (UI:N). The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially authorized boundary. The vulnerability does not impact confidentiality severely (C:L), nor does it affect integrity or availability. The issue was fixed in version 1.4.2 of Nomad. There are no known exploits in the wild, and no public patch links were provided in the source information. Nomad is a widely used workload orchestrator for deploying and managing containers and non-containerized applications, often used in cloud and hybrid environments for workload scheduling and management.

Detailed information about CVE-2022-3866: CWE-668 Exposure of Resource to Wrong Sphere in HashiCorp Nomad affecting HashiCorp Nomad. Get real-time updates, tech

CVE-2022-3866: CWE-668 Exposure of Resource to Wrong Sphere in HashiCorp Nomad - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2022-3866: CWE-668 Exposure of Resource to Wrong Sphere in HashiCorp Nomad

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.

CVE-2024-21626 is a high-severity vulnerability affecting the opencontainers runc tool, versions from 1.0.0-rc93 up to but not including 1.1.12. runc is a widely used CLI utility responsible for spawning and running containers on Linux systems according to the Open Container Initiative (OCI) specification. The vulnerability arises from an internal file descriptor leak that improperly exposes file descriptors to container processes. Specifically, this leak allows a newly spawned container process, either via 'runc exec' or 'runc run', to retain a working directory within the host filesystem namespace. This exposure enables a container escape, where the containerized process gains unauthorized access to the host filesystem, violating container isolation principles.

The vulnerability manifests in three main attack vectors: (1) a malicious container image can exploit the leak during 'runc run' to access the host filesystem; (2) an attacker executing commands inside an existing container using 'runc exec' can similarly gain host filesystem access; and (3) variants of these attacks can overwrite semi-arbitrary binaries on the host, potentially leading to full container escapes with elevated privileges. These attack vectors exploit the CWE-403 (Exposure of File Descriptor to Unintended Control Sphere) and CWE-668 (Exposure of Resource to Wrong Sphere) weaknesses. The vulnerability has a CVSS 3.1 base score of 8.6, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity but requiring local access and user interaction.

The issue was patched in runc version 1.1.12, and users are strongly advised to upgrade to this or later versions. No known exploits are currently reported in the wild, but the severity and nature of the vulnerability make it a critical risk for containerized environments relying on vulnerable runc versions.

Detailed information about CVE-2024-21626: CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') in opencontainers runc aff

CVE-2024-21626: CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') in opencontainers runc - Live Threat Intelligence - Threat Radar | OffSeq.com

Title	Severity	Type	Source	Date

Threats Tagged 'cwe-668'

Filter Threats

Threats Tagged 'cwe-668'

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility