Skip to main content

CWE-941

Incorrectly Specified Destination in a Communication Channel

6 CVEs Avg CVSS 7.5 MITRE
2
CRITICAL
2
HIGH
2
MEDIUM
0
LOW
1
POC
0
KEV

Monthly

CVE-2026-40118 MEDIUM This Month

UDP Console in Arcserve allows information disclosure when an administrator configures the activation server hostname to an arbitrary or malicious URL, causing the product to unintentionally communicate with and leak data to the attacker-controlled domain. The vulnerability requires user interaction (configuring a malicious hostname) and affects all versions of Arcserve UDP Console, with CVSS 6.3 (network-accessible, low complexity) indicating moderate real-world risk. No active exploitation or public proof-of-concept has been identified at the time of analysis.

Information Disclosure Udp Console
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-69515 CRITICAL Act Now

GPS spoofing vulnerability in JXL 9 Inch Car Android Double Din Player (Android 12.0) allows unauthenticated remote attackers to inject falsified GPS signals that the infotainment system accepts as legitimate, forcing incorrect or static location reporting. Exploitation requires no user interaction and achieves high integrity and availability impact through manipulation of navigation data. No public exploit identified at time of analysis. CVSS 9.1 reflects network-accessible attack vector with low complexity.

Google Information Disclosure N A
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-53899 HIGH PATCH This Week

Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Kiteworks Managed File Transfer
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2024-34947 CRITICAL Act Now

Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect attack. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.4
EPSS
0.4%
CVE-2023-33198 HIGH PATCH This Week

tgstation-server is a production scale tool for BYOND server management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tgstation Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-4847 Go MEDIUM POC PATCH This Month

Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
EPSS 0% CVSS 5.1
MEDIUM This Month

UDP Console in Arcserve allows information disclosure when an administrator configures the activation server hostname to an arbitrary or malicious URL, causing the product to unintentionally communicate with and leak data to the attacker-controlled domain. The vulnerability requires user interaction (configuring a malicious hostname) and affects all versions of Arcserve UDP Console, with CVSS 6.3 (network-accessible, low complexity) indicating moderate real-world risk. No active exploitation or public proof-of-concept has been identified at the time of analysis.

Information Disclosure Udp Console
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

GPS spoofing vulnerability in JXL 9 Inch Car Android Double Din Player (Android 12.0) allows unauthenticated remote attackers to inject falsified GPS signals that the infotainment system accepts as legitimate, forcing incorrect or static location reporting. Exploitation requires no user interaction and achieves high integrity and availability impact through manipulation of navigation data. No public exploit identified at time of analysis. CVSS 9.1 reflects network-accessible attack vector with low complexity.

Google Information Disclosure N A
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Kiteworks Managed File Transfer
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL Act Now

Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect attack. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

tgstation-server is a production scale tool for BYOND server management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tgstation Server
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy