CWE-183 (Permissive List of Allowed Inputs) — Vulnerability Class 24

24 vulnerabilities classified as CWE-183 (Permissive List of Allowed Inputs). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-42042 | Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion — axios | 5.4 | Medium | 2026-04-24 |
| CVE-2026-42043 | Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0 — axios | 7.2 | High | 2026-04-24 |
| CVE-2026-41240 | DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix) — DOMPurify | 7.2 AI | High AI | 2026-04-23 |
| CVE-2026-40899 | DataEase has an Arbitrary File Read Vulnerability — dataease | 8.3 AI | High AI | 2026-04-16 |
| CVE-2026-35649 | OpenClaw < 2026.3.22 - Settings Reconciliation Bypass via Empty Allowlist — OpenClaw | 6.5 | Medium | 2026-04-10 |
| CVE-2026-21915 | JSI Virtual Lightweight Collector: Shell escape allows privilege escalation to root — JSI LWC | 6.7 | Medium | 2026-04-09 |
| CVE-2026-33979 | Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk) — express-xss-sanitizer | 8.2 | High | 2026-03-27 |
| CVE-2026-32881 | ewe has an Overly Permissive List of Allowed Inputs — ewe | 5.3 | Medium | 2026-03-20 |
| CVE-2026-2303 | Heap Out-of-Bounds Read in Go Driver GSSAPI C Wrappers enables application crash or information leak — MongoDB Go Driver | 6.5 | Medium | 2026-02-10 |
| CVE-2025-59457 | JetBrains TeamCity Security Vulnerability — TeamCity | 7.7 | High | 2025-09-17 |
| CVE-2025-53762 | Microsoft Purview Elevation of Privilege Vulnerability — Microsoft Purview | 8.7 | High | 2025-07-18 |
| CVE-2025-24349 | Bosch Rexroth ctrlX OS Security Vulnerability — ctrlX OS - Device Admin | 7.1 | High | 2025-04-30 |
| CVE-2024-47565 | Siemens SINEC Security Monitor Security Vulnerability — SINEC Security Monitor | 4.3 | Medium | 2024-10-08 |
| CVE-2024-38522 | CSP bypass in Hush Line — hushline | 6.3 | Medium | 2024-06-28 |
| CVE-2023-7250 | Iperf3: possible denial of service — Red Hat Enterprise Linux 8 | 5.3 | Medium | 2024-03-18 |
| CVE-2024-1654 | Unauthorized write operations in PaperCut NG/MF — PaperCut NG, PaperCut MF | 7.2 | High | 2024-03-14 |
| CVE-2023-4399 | Grafana Security Vulnerability — Grafana Enterprise | 6.6 | Medium | 2023-10-17 |
| CVE-2022-42469 | Fortinet FortiGate Security Vulnerability — FortiOS | 4.1 | Medium | 2023-04-11 |
| CVE-2022-34450 | Dell PowerPath Management Appliance Security Vulnerability — PowerPath Management Appliance | 6.7 | Medium | 2023-02-10 |
| CVE-2022-23158 | Dell Wyse Device Agent Information Disclosure Vulnerability — Dell Wyse Device Agent | 6.0 | Medium | 2022-04-01 |
| CVE-2021-40128 | Cisco Webex Meetings Email Content Injection Vulnerability — Cisco Webex Meetings | 5.3 | Medium | 2021-11-04 |
| CVE-2021-34787 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Identity-Based Rule Bypass Vulnerability — Cisco Adaptive Security Appliance (ASA) Software | 5.3 | Medium | 2021-10-27 |
| CVE-2020-25696 | PostgreSQL Security Vulnerability — PostgreSQL | 8.1 | - | 2020-11-23 |
| CVE-2020-1694 | Red Hat Keycloak Security Vulnerability — keycloak | 6.5 | - | 2020-09-16 |

Vulnerabilities classified as CWE-183 (Permissive List of Allowed Inputs) represent 24 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.