CWE-923
48 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-923
- CVE-2018-10596 | HIGH | CVSS 7.1 | EG 8.0 | 2018-07-03
Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloading updates. The affected products initial…
- CVE-2019-17440 | CRITICAL | CVSS 10.0 | EG 10.0 | 2019-12-20
Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issu…
- CVE-2021-32004 | LOW | CVSS 3.7 | EG 5.3 | 2021-11-22
This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning.
- CVE-2021-32635 | MEDIUM | CVSS 6.3 | EG 6.3 | 2021-05-28
Singularity is an open source container platform. In versions 3.7.2 and 3.7.3, due to incorrect use of a default URL, `singularity` action commands (`run`/`shell`/`exec`) specifying a container using a `library://` URI will always attempt t…
- CVE-2021-38487 | HIGH | CVSS 8.2 | EG 9.1 | 2022-05-05
RTI Connext Professional versions 4.1 to 6.1.0, and Connext Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service…
- CVE-2022-2663 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-09-01
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc con…
- CVE-2022-2835 | MEDIUM | CVSS 4.4 | EG 4.4 | 2023-03-03
A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of <service>.<namespace>.svc.
- CVE-2022-2837 | MEDIUM | CVSS 6.1 | EG 6.1 | 2023-03-03
A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.
- CVE-2022-30729 | LOW | CVSS 3.3 | EG 4.6 | 2022-06-07
Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner.
- CVE-2022-38125 | LOW | CVSS 2.9 | EG 2.9 | 2023-04-19
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.
- CVE-2022-43916 | MEDIUM | CVSS 6.8 | EG 6.8 | 2025-01-30
IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods th…
- CVE-2023-25515 | HIGH | CVSS 7.8 | EG 7.1 | 2023-06-23
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure…
- CVE-2023-25518 | HIGH | CVSS 7.1 | EG 7.1 | 2023-06-23
NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of …
- CVE-2023-28078 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-02-15
Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a po…
- CVE-2023-28971 | HIGH | CVSS 7.2 | EG 7.2 | 2023-04-17
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance (PAA) (Formerly Netrounds) allows an attacker to bypass existing firewall rules an…
- CVE-2023-29108 | MEDIUM | CVSS 5.0 | EG 5.3 | 2023-04-11
The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.
- CVE-2023-44195 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-10-13
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact…
- CVE-2024-22315 | MEDIUM | CVSS 4.0 | EG 4.0 | 2025-01-28
IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection.
- CVE-2024-24974 | HIGH | CVSS 7.5 | EG 7.5 | 2024-07-08
The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.
- CVE-2024-26013 | HIGH | CVSS 7.5 | EG 7.5 | 2025-04-08
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet Fort…
- CVE-2024-26131 | HIGH | CVSS 8.4 | EG 8.4 | 2024-02-29
Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Po…
- CVE-2024-34446 | HIGH | CVSS 7.5 | EG 7.5 | 2024-05-03
Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive D…
- CVE-2024-36252 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-06-19
Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is inst…
- CVE-2024-39271 | LOW | CVSS 2.6 | EG 2.6 | 2025-02-12
Improper restriction of communication channel to intended endpoints in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software before version 23.80 may allow an unauthenticated user to potentially enable information disclosure v…
- CVE-2024-39537 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-07-11
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and av…
- CVE-2024-41889 | CRITICAL | CVSS 9.8 | EG 8.8 | 2024-08-05
Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker.
- CVE-2024-43571 | MEDIUM | CVSS 5.6 | EG 5.6 | 2024-10-08
Sudo for Windows Spoofing Vulnerability
- CVE-2024-47125 | HIGH | CVSS 8.1 | EG 5.4 | 2024-09-26
The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. It is advised to update your app to the current release for enhanced encryption protocols.
- CVE-2024-47490 | HIGH | CVSS 8.2 | EG 8.2 | 2024-10-11
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause …
- CVE-2024-6222 | HIGH | CVSS 7.0 | EG 7.0 | 2024-07-09
In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 htt…
- CVE-2025-12357 | MEDIUM | CVSS 6.3 | EG 8.3 | 2025-10-31
By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. Th…
- CVE-2025-20261 | HIGH | CVSS 8.8 | EG 8.8 | 2025-06-04
A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal se…
- CVE-2025-22251 | LOW | CVSS 3.1 | EG 3.1 | 2025-06-10
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unau…
- CVE-2025-23178 | HIGH | CVSS 7.6 | EG 7.6 | 2025-04-29
CWE-923: Improper Restriction of Communication Channel to Intended Endpoints
- CVE-2025-29986 | HIGH | CVSS 8.3 | EG 8.3 | 2025-04-08
Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could …
- CVE-2025-31144 | MEDIUM | CVSS 5.8 | EG 5.8 | 2025-04-28
Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. If exploited, a remote unauthenticated attacker may attempt to log in to an arbitrary host via Windows system wher…
- CVE-2025-32886 | MEDIUM | CVSS 4.0 | EG 4.0 | 2025-05-01
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sens…
- CVE-2025-33176 | MEDIUM | CVSS 6.2 | EG 6.2 | 2025-11-04
NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an adjacent network. A successful exploit of this vulnerability might lead to escalation of privileges, …
- CVE-2025-35978 | HIGH | CVSS 7.1 | EG 7.1 | 2025-06-12
Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker sends malicious data, an arbitrary r…
- CVE-2025-36145 | MEDIUM | CVSS 5.4 | EG 5.4 | 2026-05-26
IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.
- CVE-2025-36180 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-04-30
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.
- CVE-2025-46566 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-05-01
DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9.
- CVE-2025-48807 | MEDIUM | CVSS 6.7 | EG 7.5 | 2025-08-12
Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.
- CVE-2025-48999 | HIGH | CVSS 8.8 | EG 8.8 | 2025-06-03
DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, `getUrlType()` retrieves `hostName`. Since the judgment statement…
- CVE-2025-49734 | HIGH | CVSS 7.0 | EG 7.0 | 2025-09-09
Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.
- CVE-2025-58742 | MEDIUM | CVSS 5.9 | EG 5.9 | 2026-01-20
Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by m…
- CVE-2025-61939 | HIGH | CVSS 8.8 | EG 8.8 | 2026-01-07
An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS resp…
- CVE-2026-22726 | MEDIUM | CVSS 5.0 | EG 5.0 | 2026-05-01
Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to …