CWE-15
60 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE.

CVEs classified under CWE-15 (page 2 of 2)
- CVE-2026-22750 | HIGH | CVSS 7.5 | EG 7.5 | 2026-04-10
  When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer u…
- CVE-2026-30816 | MEDIUM | CVSS 5.7 | EG 5.7 | 2026-04-08
  An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation ma…
- CVE-2026-30817 | MEDIUM | CVSS 5.7 | EG 5.7 | 2026-04-08
  An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may a…
- CVE-2026-33092 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-10
  Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902.
- CVE-2026-35650 | HIGH | CVSS 7.5 | EG 7.5 | 2026-04-10
  OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. Attackers can supply blocked or malforme…
- CVE-2026-41294 | HIGH | CVSS 8.6 | EG 8.6 | 2026-04-21
  OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override run…
- CVE-2026-41384 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-28
  OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious wor…
- CVE-2026-41489 | HIGH | CVSS 8.8 | EG 8.8 | 2026-05-11
  Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd (pihole-FTL-prestart.sh and pihol…
- CVE-2026-43531 | HIGH | CVSS 7.3 | EG 7.3 | 2026-05-05
  OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub reso…
- CVE-2026-45087 | CRITICAL | CVSS 10.0 | EG 10.0 | 2026-05-27
  Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by default and requires no API key unless the…