CWE hub
This hub groups CVEs that NVD maps to CWE-923, so you can review recent disclosures, common vendors, and related weakness patterns in one place.
Mapped CVEs
10
Records currently returned for this weakness id.
Top vendor
cryptomator
3 mapped CVEs in the aggregate scan.
Top product
cryptomator
3 mapped CVEs in the aggregate scan.
KEV on page
0
Visible rows already present in the CISA KEV catalog.
Search results
Showing 1-10 of 10 vulnerabilities.
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods, which could allow an attacker to transfer data between pods without restrictions.
CVSS
5.3
MEDIUM
Published
Apr 30, 2026
Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interface to the local network. On Linux, this configuration does not restrict access to the app as intended, allowing any device on the same network to reach these endpoints without authentication. Home Assistant Supervisor 2026.03.02 addresses the issue.
Affected vendor
Structured metadata unavailable
Affected product
Product metadata unavailable
Coverage
No structured product entries
CVSS
9.6
CRITICAL
Published
Mar 27, 2026
IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints.
CVSS
5.1
MEDIUM
Published
Mar 25, 2026
Cryptomator for iOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker to tamper with the vault configuration file, leading to a man-in-the-middle vulnerability in the Hub key loading mechanism. Before this fix, the client trusted endpoints from the vault config without host authenticity checks, which could allow token exfiltration by mixing a legitimate auth endpoint with a malicious API endpoint. Impacted are users unlocking Hub-backed vaults with affected client versions in environments where an attacker can alter the vault.cryptomator file. This issue has been patched in version 2.8.3.
CVSS
7.6
HIGH
Published
Mar 20, 2026
Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 1.12.3, an integrity check vulnerability allows an attacker to tamper with the vault configuration file, leading to a man-in-the-middle vulnerability in the Hub key loading mechanism. Before this fix, the client trusted endpoints from the vault config without host authenticity checks, which could allow token exfiltration by mixing a legitimate auth endpoint with a malicious API endpoint. Impacted are users unlocking Hub-backed vaults with affected client versions in environments where an attacker can alter the vault.cryptomator file. This issue has been patched in version 1.12.3.
CVSS
7.6
HIGH
Published
Mar 20, 2026
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file, leading to a man-in-the-middle vulnerability in the Hub key loading mechanism. Before this fix, the client trusted endpoints from the vault config without host authenticity checks, which could allow token exfiltration by mixing a legitimate auth endpoint with a malicious API endpoint. Impacted are users unlocking Hub-backed vaults with affected client versions in environments where an attacker can alter the vault.cryptomator file. This issue has been patched in version 1.19.1.
CVSS
7.6
HIGH
Published
Mar 20, 2026
An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint. We have already fixed the vulnerability in the following version: QuRouter 2.6.3.009 and later.
CVSS
0.9
LOW
Published
Mar 20, 2026
Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
CVSS
7.5
HIGH
Published
Mar 10, 2026
A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (All versions < L4.10.1). Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable.
Affected vendor
Structured metadata unavailable
Affected product
Product metadata unavailable
Coverage
No structured product entries
CVSS
2.4
LOW
Published
Mar 10, 2026
An unused function in MicroServer can start a reverse SSH connection to a vendor-registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker-controlled device.
Affected vendor
columbiaweather
Affected product
weather microserver firmware
Coverage
Single affected product entry
CVSS
8.7
HIGH
Published
Jan 7, 2026