CWE-99— Improper Control of Resource Identifiers (Resource Injection)

55 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →

CVEs classified under CWE-99page 2 of 2

CVE-2026-10624MEDIUMCVSS 4.3EG 4.3
2026-06-02
A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument e…
CVE-2026-33603MEDIUMCVSS 6.8EG 6.8
2026-05-12
Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the att…
CVE-2026-5414MEDIUMCVSS 5.3EG 5.3
2026-04-02
A security flaw has been discovered in Newgen OmniDocs up to 12.0.00. Affected by this issue is some unknown functionality of the file /omnidocs/WebApiRequestRedirection. The manipulation of the argument DocumentId results in improper cont…
CVE-2026-7303LOWCVSS 3.7EG 3.7
2026-04-28
A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler…
CVE-2026-9438MEDIUMCVSS 5.4EG 5.4
2026-05-25
A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of …

Map vulnerabilities like CWE-99 to your infrastructure

EchelonGraph correlates every CVE — across CWE-99 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.

Start Free Scan →