CWE-99— Improper Control of Resource Identifiers (Resource Injection)
The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.— MITRE CWE catalog
61 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-99page 2 of 2
- CVE-2026-10299LOWCVSS 3.8EG 3.82026-06-01
A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resourc…
- CVE-2026-10624MEDIUMCVSS 4.3EG 4.32026-06-02
A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument e…
- CVE-2026-12207MEDIUMCVSS 4.3EG 4.32026-06-15
A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file app\modules\medical\port\rest\controllers\PatientController.php of the compo…
- CVE-2026-13493LOWCVSS 3.1EG 3.12026-06-28
A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversation_api.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can…
- CVE-2026-15186MEDIUMCVSS 6.3EG 6.32026-07-09
A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resourc…
- CVE-2026-33603MEDIUMCVSS 6.8EG 6.82026-05-12
Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the att…
- CVE-2026-3693HIGHCVSS 7.3EG 7.32026-03-08
A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function get_user_info/update_user_info of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argumen…
- CVE-2026-5031MEDIUMCVSS 4.3EG 4.32026-03-29
A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?_route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control o…
- CVE-2026-5414MEDIUMCVSS 5.3EG 5.32026-04-02
A security flaw has been discovered in Newgen OmniDocs up to 12.0.00. Affected by this issue is some unknown functionality of the file /omnidocs/WebApiRequestRedirection. The manipulation of the argument DocumentId results in improper cont…
- CVE-2026-7303LOWCVSS 3.7EG 3.72026-04-28
A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler…
- CVE-2026-9438MEDIUMCVSS 5.4EG 5.42026-05-25
A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of …
Map vulnerabilities like CWE-99 to your infrastructure
EchelonGraph correlates every CVE — across CWE-99 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →