5 vulnerabilities classified as CWE-1125. AI Chinese analysis included.
CWE-1125 (Excessive Attack Surface) describes a structural weakness in which a software product exposes more input and output points than it needs, expanding its attack surface beyond what its security posture can reasonably defend. Attackers typically exploit it by leveraging the abundance of exposed interfaces, such as unused APIs, hidden endpoints, or unnecessary open network ports, to find less-protected entry points that lack adequate validation or authentication. Every additional access vector is another opportunity for a malicious actor to inject code, escalate privileges, or exfiltrate data. To mitigate this risk, developers should apply the principle of least privilege: rigorously audit and disable unused features, restrict network accessibility, and implement strict access controls. Regular security assessments and code reviews help identify and remove superfluous interfaces, so that only essential communication channels remain active and secured against unauthorized access.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-5386 | Account Hijacking via Password Reset Token Leak in lunary-ai/lunary — lunary-ai/lunary | 8.1 (AI) | High (AI) | 2026-02-02 |
| CVE-2023-49722 | Bosch BCC101 security vulnerability — BCC101 | 8.3 | High | 2024-01-09 |
| CVE-2023-0435 | Excessive Attack Surface in pyload/pyload — pyload/pyload | 9.8 | - | 2023-01-22 |
| CVE-2022-2037 | Excessive Attack Surface in tooljet/tooljet — tooljet/tooljet | 8.0 | - | 2022-06-09 |
| CVE-2022-1715 | Account Takeover in neorazorx/facturascripts — neorazorx/facturascripts | 9.8 | - | 2022-05-13 |
Vulnerabilities classified as CWE-1125 represent 5 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.