CWE-424
Allowed-with-ReviewImproper Protection of Alternate Path
Abstraction: Class · Status: Draft
The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
61 vulnerabilities reference this CWE, most recent first.
CVE-2021-3793 (GCVE-0-2021-3793)
Vulnerability from cvelistv5 – Published: 2021-11-12 22:05 – Updated: 2024-08-03 17:09- CWE-424 - Improper Protection of Alternate Path
| URL | Tags |
|---|---|
| https://binatoneglobal.com/security-advisory/ | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Motorola | Binatone Hubble Cameras |
Affected:
various
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:08.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://binatoneglobal.com/security-advisory/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Binatone Hubble Cameras",
"vendor": "Motorola",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Motorola thanks Lenovo Global Security Lab for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-424",
"description": "CWE-424 Improper Protection of Alternate Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-12T22:05:52.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://binatoneglobal.com/security-advisory/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the camera firmware version (or newer version) indicated in the Product Impact section of the Binatone Security Advisory: https://binatoneglobal.com/security-advisory/."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Binatone Hubble Cameras",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Motorola"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Motorola thanks Lenovo Global Security Lab for reporting these issues."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-424 Improper Protection of Alternate Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://binatoneglobal.com/security-advisory/",
"refsource": "MISC",
"url": "https://binatoneglobal.com/security-advisory/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the camera firmware version (or newer version) indicated in the Product Impact section of the Binatone Security Advisory: https://binatoneglobal.com/security-advisory/."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3793",
"datePublished": "2021-11-12T22:05:52.000Z",
"dateReserved": "2021-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:08.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18997 (GCVE-0-2019-18997)
Vulnerability from cvelistv5 – Published: 2019-12-18 20:22 – Updated: 2024-08-05 02:02- CWE-424 - Improper Protection of Alternate Path
| URL | Tags |
|---|---|
| http://search.abb.com/library/Download.aspx?Docum… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | PB610 Panel Builder 600 |
Affected:
unspecified , ≤ 2.8.0.424
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PB610 Panel Builder 600",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "2.8.0.424",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NSFOCUS for providing vulnerability details and proof of concept."
}
],
"descriptions": [
{
"lang": "en",
"value": "The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier potentially allows access to files outside of the working directory, thus potentially supporting unauthorized file access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-424",
"description": "CWE-424 Improper Protection of Alternate Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T20:22:47.000Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"defect": [
"ABBVU-RAMF-1908004"
],
"discovery": "UNKNOWN"
},
"title": "PB610 HMISimulator provides interface with access to arbitrary files",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-18997",
"STATE": "PUBLIC",
"TITLE": "PB610 HMISimulator provides interface with access to arbitrary files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PB610 Panel Builder 600",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.8.0.424"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NSFOCUS for providing vulnerability details and proof of concept."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier potentially allows access to files outside of the working directory, thus potentially supporting unauthorized file access."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-424 Improper Protection of Alternate Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"defect": [
"ABBVU-RAMF-1908004"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-18997",
"datePublished": "2019-12-18T20:22:47.000Z",
"dateReserved": "2019-11-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:02:39.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18996 (GCVE-0-2019-18996)
Vulnerability from cvelistv5 – Published: 2019-12-18 20:24 – Updated: 2024-08-05 02:02- CWE-424 - Improper Protection of Alternate Path
| URL | Tags |
|---|---|
| http://search.abb.com/library/Download.aspx?Docum… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | PB610 Panel Builder 600 |
Affected:
unspecified , ≤ 2.8.0.424
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PB610 Panel Builder 600",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "2.8.0.424",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NSFOCUS for providing vulnerability details and proof of concept."
}
],
"descriptions": [
{
"lang": "en",
"value": "Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system the execution of code in the application\u2019s context."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-424",
"description": "CWE-424 Improper Protection of Alternate Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T20:24:44.000Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"defect": [
"ABBVU-RAMF-1908003"
],
"discovery": "UNKNOWN"
},
"title": "ABB PB610 HMIStudio accepts malicious DLL file in an application",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-18996",
"STATE": "PUBLIC",
"TITLE": "ABB PB610 HMIStudio accepts malicious DLL file in an application"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PB610 Panel Builder 600",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.8.0.424"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NSFOCUS for providing vulnerability details and proof of concept."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system the execution of code in the application\u2019s context."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-424 Improper Protection of Alternate Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"defect": [
"ABBVU-RAMF-1908003"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-18996",
"datePublished": "2019-12-18T20:24:44.000Z",
"dateReserved": "2019-11-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:02:39.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-23FP-MRFV-CWV4
Vulnerability from github – Published: 2025-05-27 06:30 – Updated: 2025-05-27 18:30vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern.
{
"affected": [],
"aliases": [
"CVE-2025-48827"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-27T04:15:41Z",
"severity": "CRITICAL"
},
"details": "vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers\u0027 methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern.",
"id": "GHSA-23fp-mrfv-cwv4",
"modified": "2025-05-27T18:30:49Z",
"published": "2025-05-27T06:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48827"
},
{
"type": "WEB",
"url": "https://blog.kevintel.com/vbulletin-replaceadtemplate-kev"
},
{
"type": "WEB",
"url": "https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce"
},
{
"type": "WEB",
"url": "https://kevintel.com/CVE-2025-48827"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-263Q-5CV3-XQ9G
Vulnerability from github – Published: 2025-12-26 03:30 – Updated: 2025-12-26 19:12Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c 1.23.0"
},
"package": {
"ecosystem": "Go",
"name": "code.gitea.io/gitea"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-68939"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-26T19:12:02Z",
"nvd_published_at": "2025-12-26T03:15:50Z",
"severity": "HIGH"
},
"details": "Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.",
"id": "GHSA-263q-5cv3-xq9g",
"modified": "2025-12-26T19:12:02Z",
"published": "2025-12-26T03:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68939"
},
{
"type": "WEB",
"url": "https://github.com/go-gitea/gitea/pull/32151"
},
{
"type": "WEB",
"url": "https://blog.gitea.com/release-of-1.23.0"
},
{
"type": "PACKAGE",
"url": "https://github.com/go-gitea/gitea"
},
{
"type": "WEB",
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.23.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "Gitea allows attackers to add attachments with forbidden file extensions"
}
GHSA-2CPP-J2FC-QHP7
Vulnerability from github – Published: 2026-03-17 20:33 – Updated: 2026-06-08 23:15Description
The AWS API MCP Server is an open source Model Context Protocol (MCP) server that enables AI assistants to interact with AWS services and resources through AWS CLI commands. It provides programmatic access to manage your AWS infrastructure while maintaining proper security controls.
This server acts as a bridge between AI assistants and AWS services, allowing you to create, update, and manage AWS resources across all available services. The server includes a configurable file access feature that controls how AWS CLI commands interact with the local file system. By default, file operations are restricted to a designated working directory (workdir), but this can be configured to allow unrestricted file system access (unrestricted) or to block all local file path arguments entirely (no-access).
Description: Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context.
To remediate this issue, users should upgrade to version 1.3.9.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "awslabs.aws-api-mcp-server"
},
"ranges": [
{
"events": [
{
"introduced": "0.2.14"
},
{
"fixed": "1.3.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "awslabs-aws-api-mcp-server"
},
"ranges": [
{
"events": [
{
"introduced": "0.2.14"
},
{
"fixed": "1.3.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-4270"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-17T20:33:15Z",
"nvd_published_at": "2026-03-16T17:16:32Z",
"severity": "MODERATE"
},
"details": "### Description\n\nThe AWS API MCP Server is an open source Model Context Protocol (MCP) server that enables AI assistants to interact with AWS services and resources through AWS CLI commands. It provides programmatic access to manage your AWS infrastructure while maintaining proper security controls.\n\nThis server acts as a bridge between AI assistants and AWS services, allowing you to create, update, and manage AWS resources across all available services. The server includes a configurable file access feature that controls how AWS CLI commands interact with the local file system. By default, file operations are restricted to a designated working directory (workdir), but this can be configured to allow unrestricted file system access (unrestricted) or to block all local file path arguments entirely (no-access).\n\n**Description:** Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions \u003e= 0.2.14 and \u003c 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context.\n\nTo remediate this issue, users should upgrade to version 1.3.9.",
"id": "GHSA-2cpp-j2fc-qhp7",
"modified": "2026-06-08T23:15:15Z",
"published": "2026-03-17T20:33:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/awslabs/mcp/security/advisories/GHSA-2cpp-j2fc-qhp7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4270"
},
{
"type": "WEB",
"url": "https://aws.amazon.com/security/security-bulletins/2026-007-AWS"
},
{
"type": "PACKAGE",
"url": "https://github.com/awslabs/mcp"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/awslabs-aws-api-mcp-server/PYSEC-2026-162.yaml"
},
{
"type": "WEB",
"url": "https://pypi.org/project/awslabs.aws-api-mcp-server/1.3.9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "AWS API MCP File Access Restriction Bypass"
}
GHSA-3HGV-99J2-FHVJ
Vulnerability from github – Published: 2025-06-03 00:31 – Updated: 2025-06-03 00:31Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file.
{
"affected": [],
"aliases": [
"CVE-2025-49163"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-03T00:15:20Z",
"severity": "MODERATE"
},
"details": "Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file.",
"id": "GHSA-3hgv-99j2-fhvj",
"modified": "2025-06-03T00:31:02Z",
"published": "2025-06-03T00:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49163"
},
{
"type": "WEB",
"url": "https://full-disclosure.eu/reports/2025/FDEU-CVE-2025-1c00-arris-bootloader-shell-injection.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4FPH-66X7-MXRV
Vulnerability from github – Published: 2024-05-22 09:31 – Updated: 2024-05-22 09:31The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an administrators emails. This makes it possible for unauthenticated attackers to bypass the restriction using a +value when submitting the contact form.
{
"affected": [],
"aliases": [
"CVE-2024-3927"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-22T07:15:13Z",
"severity": "MODERATE"
},
"details": "The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid \u0026 Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an administrators emails. This makes it possible for unauthenticated attackers to bypass the restriction using a +value when submitting the contact form.",
"id": "GHSA-4fph-66x7-mxrv",
"modified": "2024-05-22T09:31:46Z",
"published": "2024-05-22T09:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3927"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/modules/contact-form/module.php#L102"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3089154"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a703fc4-6c61-442e-a637-515e9f501575?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4R7R-XFQ3-2R3V
Vulnerability from github – Published: 2025-04-26 21:31 – Updated: 2025-04-26 21:31CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file.
{
"affected": [],
"aliases": [
"CVE-2025-46654"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-26T21:15:15Z",
"severity": "MODERATE"
},
"details": "CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file.",
"id": "GHSA-4r7r-xfq3-2r3v",
"modified": "2025-04-26T21:31:26Z",
"published": "2025-04-26T21:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46654"
},
{
"type": "WEB",
"url": "https://github.com/hackmdio/codimd/issues/1910"
},
{
"type": "WEB",
"url": "https://github.com/zast-ai/vulnerability-reports/blob/main/formidable/file_upload/report.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-58PJ-RCXG-3VHG
Vulnerability from github – Published: 2025-05-27 06:30 – Updated: 2025-05-27 18:30Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") syntax, attackers can bypass security checks and execute arbitrary PHP code.
{
"affected": [],
"aliases": [
"CVE-2025-48828"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-27T04:15:45Z",
"severity": "CRITICAL"
},
"details": "Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the \"var_dump\"(\"test\") syntax, attackers can bypass security checks and execute arbitrary PHP code.",
"id": "GHSA-58pj-rcxg-3vhg",
"modified": "2025-05-27T18:30:49Z",
"published": "2025-05-27T06:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48828"
},
{
"type": "WEB",
"url": "https://blog.kevintel.com/vbulletin-replaceadtemplate-kev"
},
{
"type": "WEB",
"url": "https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce"
},
{
"type": "WEB",
"url": "https://kevintel.com/CVE-2025-48828"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Deploy different layers of protection to implement security in depth.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-554: Functionality Bypass
An adversary attacks a system by bypassing some or all functionality intended to protect it. Often, a system user will think that protection is in place, but the functionality behind those protections has been disabled by the adversary.