Threats Tagged 'cwe-669'
View all threats tagged with 'cwe-669'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cwe-669'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-46448: CWE-669 Incorrect Resource Transfer Between Spheres in OpenStack NovaCVE-2026-46448 0 In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation. Join the discussion | CVE Database V5 | 06/16/2026, 00:00:00 UTC Added: 06/16/2026, 19:30:49 UTC |
CVE-2026-12068: CWE-669 Incorrect Resource Transfer Between Contexts in Gen Digital Avira Password ManagerCVE-2026-12068 0 Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux. Join the discussion | CVE Database V5 | 06/12/2026, 22:19:18 UTC Added: 06/12/2026, 22:54:54 UTC |
CVE-2026-44917: CWE-669 Incorrect Resource Transfer Between Spheres in OpenStack IronicCVE-2026-44917 0 OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template. Join the discussion | CVE Database V5 | 06/04/2026, 00:00:00 UTC Added: 06/04/2026, 03:48:37 UTC |
CVE-2026-46447: CWE-669 Incorrect Resource Transfer Between Spheres in OpenStack IronicCVE-2026-46447 0 OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. Join the discussion | CVE Database V5 | 06/03/2026, 00:00:00 UTC Added: 06/03/2026, 21:18:37 UTC |
CVE-2026-48847: CWE-669 Incorrect Resource Transfer Between Spheres in Roundcube WebmailCVE-2026-48847 0 CVE-2026-48847 is a vulnerability in Roundcube Webmail versions 1.6.0 through 1.6.15 and 1.7.0 that allows an unauthenticated attacker to delete arbitrary files by exploiting session poisoning via redis or memcache. The vulnerability is classified under CWE-669, indicating incorrect resource transfer between spheres. The CVSS score is 3.7, reflecting a low severity impact primarily affecting availability with no confidentiality or integrity impact. Join the discussion | CVE Database V5 | 05/25/2026, 19:23:40 UTC Added: 05/25/2026, 19:40:00 UTC |
CVE-2026-48846: CWE-669 Incorrect Resource Transfer Between Spheres in Roundcube WebmailCVE-2026-48846 0 CVE-2026-48846 is a medium severity vulnerability in Roundcube Webmail versions 1.6.0 through 1.6.15 and 1.7.0. It allows bypassing the remote image blocking feature via a crafted CSS var() value in an email message. This bypass may lead to information disclosure or access-control bypass. No official patch or remediation level has been confirmed yet. Join the discussion | CVE Database V5 | 05/25/2026, 19:21:09 UTC Added: 05/25/2026, 19:40:00 UTC |
CVE-2026-48845: CWE-669 Incorrect Resource Transfer Between Spheres in Roundcube WebmailCVE-2026-48845 0 In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message. Join the discussion | CVE Database V5 | 05/25/2026, 19:18:09 UTC Added: 05/25/2026, 19:40:00 UTC |
Showing 1 to 7 of 7 results