CWE-150 (Improper Neutralization of Escape, Meta, or Control Sequences) — Vulnerability Class 37

37 vulnerabilities classified as CWE-150 (Improper Neutralization of Escape, Meta, or Control Sequences). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-6019 | BaseCookie.js_output() does not neutralize embedded characters — CPython | 6.1 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-40505 | MuPDF < 1.27 mutool ANSI Injection via Metadata — MuPDF | 3.3 | Low | 2026-04-16 |
| CVE-2026-26149 | Microsoft Power Apps Spoofing Vulnerability — Microsoft Power Apps | 9.0 | Critical | 2026-04-14 |
| CVE-2026-35651 | OpenClaw 2026.2.13 < 2026.3.25 - ANSI Escape Sequence Injection in Approval Prompt — OpenClaw | 4.3 | Medium | 2026-04-10 |
| CVE-2026-3108 | Terminal Escape Injection in mmctl Report Posts Command — Mattermost | 8.0 | High | 2026-03-26 |
| CVE-2025-62845 | QuRouter — QuRouter | 7.8 | - | 2026-03-20 |
| CVE-2026-25996 | Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode — inspektor-gadget | 9.4 (AI) | Critical (AI) | 2026-02-12 |
| CVE-2025-15311 | Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance. — Tanium Appliance | 7.8 | High | 2026-02-05 |
| CVE-2026-21521 | Word Copilot Information Disclosure Vulnerability — Microsoft 365 Word Copilot | 7.4 | High | 2026-01-22 |
| CVE-2026-21439 | badkeys vulnerable to ASCII control character injection on console via malformed input — badkeys | 5.3 | - | 2026-01-05 |
| CVE-2025-65082 | Apache HTTP Server: CGI environment variable override — Apache HTTP Server | 7.5 | - | 2025-12-05 |
| CVE-2025-64494 | Soft Serve does not sanitize ANSI escape sequences in user input — soft-serve | 4.6 | Medium | 2025-11-08 |
| CVE-2025-55754 | Apache Tomcat: console manipulation via escape sequences in log messages — Apache Tomcat | 8.8 | - | 2025-10-27 |
| CVE-2025-58160 | Tracing logging user input may result in poisoning logs with ANSI escape sequences — tracing | 7.1 | - | 2025-08-29 |
| CVE-2025-55193 | Active Record logging vulnerable to ANSI escape injection — rails | 5.3 (AI) | Medium (AI) | 2025-08-13 |
| CVE-2024-47252 | Apache HTTP Server: mod_ssl error log variable escaping — Apache HTTP Server | 5.3 (AI) | Medium (AI) | 2025-07-10 |
| CVE-2025-47284 | Gardener vulnerable to metadata injection for a project secret that can lead to privilege escalation — gardener | 9.1 (AI) | Critical (AI) | 2025-05-19 |
| CVE-2024-58251 | BusyBox security vulnerability — BusyBox | 2.5 | Low | 2025-04-23 |
| CVE-2025-30089 | gurk security vulnerability — gurk | 5.4 | Medium | 2025-03-16 |
| CVE-2025-0975 | IBM MQ code execution — MQ | 8.8 | High | 2025-02-28 |
| CVE-2025-1693 | MongoDB Shell may be susceptible to control character Injection via shell output — mongosh | 3.9 | Low | 2025-02-27 |
| CVE-2025-1692 | MongoDB Shell may be susceptible to control character injection via pasting — mongosh | 6.3 | Medium | 2025-02-27 |
| CVE-2025-25286 | Crayfish allows Remote Code Execution via Homarus Authorization header — Crayfish | 9.8 | Critical | 2025-02-13 |
| CVE-2024-9774 | Python-sql: python-sql unary operators does not escape non-expression | 9.8 (AI) | Critical (AI) | 2024-12-27 |
| CVE-2024-56201 | Jinja has a sandbox breakout through malicious filenames — jinja | 8.1 | - | 2024-12-23 |
| CVE-2024-43785 | gitoxide-core does not neutralize special characters for terminals — gitoxide | 2.5 | Low | 2024-08-22 |
| CVE-2024-27936 | Deno interactive permission prompt spoofing via improper ANSI stripping — deno | 8.8 | High | 2024-03-06 |
| CVE-2023-40185 | Shescape on Windows escaping may be bypassed in threaded context — shescape | 6.5 | Medium | 2023-08-23 |
| CVE-2023-3265 | Cyber Power Systems CyberPower PowerPanel Enterprise security vulnerability — PowerPanel Enterprise | 9.8 | Critical | 2023-08-14 |
| CVE-2023-39342 | Dangerzone CLI does not sanitize ANSI escape characters — dangerzone | 3.6 | Low | 2023-08-08 |

Vulnerabilities classified as CWE-150 (Improper Neutralization of Escape, Meta, or Control Sequences) represent 37 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.