10 vulnerabilities classified as CWE-180 (不正确的行为次序:规范化之前验证). AI Chinese analysis included.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39409 | Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses — hono | 9.1AI | CriticalAI | 2026-04-08 |
| CVE-2026-39364 | Vite has a `server.fs.deny` bypass with queries — vite | 7.5 | - | 2026-04-07 |
| CVE-2026-34786 | Rack: Rack::Static header_rules bypass via URL-encoded paths — rack | 5.3 | Medium | 2026-04-02 |
| CVE-2026-34475 | Varnish Cache 安全漏洞 — Varnish Cache | 5.4 | Medium | 2026-03-27 |
| CVE-2026-24895 | FrankenPHP affected by Path Confusion via Unicode casing in CGI path splitting allows execution of arbitrary files — frankenphp | 8.2AI | HighAI | 2026-02-12 |
| CVE-2025-33194 | NVIDIA DGX Spark 安全漏洞 — DGX Spark | 5.7 | Medium | 2025-11-25 |
| CVE-2025-43716 | Ivanti LANDesk Management Gateway 安全漏洞 — LANDesk Management Suite | 5.8 | Medium | 2025-04-23 |
| CVE-2024-28607 | IP Util Functions Library 安全漏洞 — IP-Utils | 2.9 | Low | 2025-03-11 |
| CVE-2022-26137 | Atlassian Crowd和Atlassian Jira 访问控制错误漏洞 — Bamboo Server | 8.8 | - | 2022-07-20 |
| CVE-2022-26136 | Atlassian Crowd和Atlassian Jira 授权问题漏洞 — Bamboo Server | 8.8 | - | 2022-07-20 |
Vulnerabilities classified as CWE-180 (不正确的行为次序:规范化之前验证) represent 10 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.