CWE-15 (External Control of System or Configuration Setting) — Vulnerability Class 53

53 vulnerabilities classified as CWE-15 (External Control of System or Configuration Setting). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41294 | OpenClaw < 2026.3.28 - Environment Variable Injection via CWD .env File — OpenClaw | 8.6 | High | 2026-04-20 |
| CVE-2026-0232 | Cortex XDR Agent: Local Administrator can disable the agent on Windows — Cortex XDR Agent | 6.0 | - | 2026-04-13 |
| CVE-2026-35650 | OpenClaw < 2026.3.22 - Environment Variable Override Bypass via Inconsistent Sanitization — OpenClaw | 7.5 | High | 2026-04-10 |
| CVE-2026-33092 | Acronis True Image Security Vulnerability — Acronis True Image OEM | 7.8 AI | High AI | 2026-04-10 |
| CVE-2026-30817 | Arbitrary File Reading Vulnerability in dnsmasq Module in TP-Link AX53 — AX53 v1.0 | 5.7 AI | Medium AI | 2026-04-08 |
| CVE-2026-30816 | Arbitrary File Reading Vulnerability in OpenVPN Module in TP-Link AX53 — AX53 v1.0 | 5.7 AI | Medium AI | 2026-04-08 |
| CVE-2026-22177 | OpenClaw < 2026.2.21 - Environment Variable Injection via Config env.vars — OpenClaw | 6.1 | Medium | 2026-03-18 |
| CVE-2026-21422 | Dell PowerScale OneFS Security Vulnerability — PowerScale OneFS | 3.4 | Low | 2026-03-04 |
| CVE-2026-27203 | eBay API MCP Server Affected by Environment Variable Injection — ebay-mcp | 8.3 | High | 2026-02-20 |
| CVE-2025-13091 | Shopire <= 1.0.57 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install — Shopire | 4.3 | Medium | 2026-02-19 |
| CVE-2026-22708 | Cursor has a Terminal Tool Allowlist Bypass via Environment Variables — cursor | 9.1 AI | Critical AI | 2026-01-14 |
| CVE-2026-0495 | Multiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation) — SAP Fiori App (Intercompany Balance Reconciliation) | 5.1 | Medium | 2026-01-13 |
| CVE-2025-64726 | External Control of System or Configuration Setting and Uncontrolled Search Path Element in sfw — firewall-release | 7.8 | - | 2025-11-13 |
| CVE-2025-62527 | Taguette vulnerable to password reset link poisoning — taguette | 7.1 | High | 2025-10-20 |
| CVE-2025-43792 | Liferay Portal and Liferay DXP Security Vulnerability — Portal | 8.1 AI | High AI | 2025-09-15 |
| CVE-2025-41452 | Post auth nginx configuration injection in Danfoss AK-SM8xxA Series — AK-SM8xxA Series | 5.3 AI | Medium AI | 2025-08-22 |
| CVE-2025-8283 | Netavark: podman: netavark may resolve hostnames to unexpected hosts | 3.7 | Low | 2025-07-28 |
| CVE-2025-27889 | Multiple Products Security Vulnerability — Wing FTP Server | 3.4 | Low | 2025-07-10 |
| CVE-2025-30512 | Growatt Cloud portal External Control of System or Configuration Setting — Cloud portal | 6.5 | Medium | 2025-04-15 |
| CVE-2025-27253 | GE Vernova UR IED Input Validation Error Vulnerability — N60 multilin | 6.1 | Medium | 2025-03-10 |
| CVE-2025-0425 | Local Privilege Escalation via Config Manipulation — bestinformed Infoclient | 8.8 | - | 2025-02-18 |
| CVE-2024-11166 | Traffic Alert and Collision Avoidance System (TCAS) II has an External Control of System or Configuration Setting vulnerability — Collision Avoidance Systems | 5.3 | - | 2025-01-22 |
| CVE-2024-39799 | WAVLINK AC3000 Security Vulnerability — Wavlink AC3000 | 9.1 | Critical | 2025-01-14 |
| CVE-2024-39800 | WAVLINK AC3000 Security Vulnerability — Wavlink AC3000 | 9.1 | Critical | 2025-01-14 |
| CVE-2024-39798 | WAVLINK AC3000 Security Vulnerability — Wavlink AC3000 | 9.1 | Critical | 2025-01-14 |
| CVE-2024-38666 | WAVLINK AC3000 Security Vulnerability — Wavlink AC3000 | 9.1 | Critical | 2025-01-14 |
| CVE-2024-39602 | WAVLINK AC3000 Security Vulnerability — Wavlink AC3000 | 9.1 | Critical | 2025-01-14 |
| CVE-2024-39795 | WAVLINK AC3000 Security Vulnerability — Wavlink AC3000 | 9.1 | Critical | 2025-01-14 |
| CVE-2024-39794 | WAVLINK AC3000 Security Vulnerability — Wavlink AC3000 | 9.1 | Critical | 2025-01-14 |
| CVE-2024-39793 | WAVLINK AC3000 Security Vulnerability — Wavlink AC3000 | 9.1 | Critical | 2025-01-14 |

Vulnerabilities classified as CWE-15 (External Control of System or Configuration Setting) represent 53 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.