Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-346 (源验证错误) — Vulnerability Class 152

152 vulnerabilities classified as CWE-346 (源验证错误). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2024-12973 Host Header Injection in Akinsoft's OctoCloud — OctoCloud 4.7 Medium2025-09-02
CVE-2025-52621 HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning — BigFix SaaS Remediate 5.3 Medium2025-08-15
CVE-2025-53399 rtpengine 访问控制错误漏洞 — rtpengine 4.8 -2025-08-01
CVE-2025-7365 Keycloak: phishing attack via email verification step in first login flow 7.1 High2025-07-10
CVE-2025-53600 Naver Whale Browser 安全漏洞 — NAVER Whale browser 8.2 -2025-07-04
CVE-2025-5824 Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability — Autel MaxiCharger AC Wallbox Commercial 8.8AIHighAI2025-06-25
CVE-2025-42998 Security misconfiguration vulnerability in SAP Business One Integration Framework — SAP Business One Integration Framework 5.3 Medium2025-06-10
CVE-2024-31127 MacOS Zscaler Client Connector Local Privilege Escalation — Client Connector 7.3 High2025-06-04
CVE-2025-30360 webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser — webpack-dev-server 6.5 Medium2025-06-03
CVE-2025-5320 gradio-app gradio CORS is_valid_origin privilege escalation — gradio 3.7 Low2025-05-29
CVE-2025-46737 Origin Validation Error — SEL-5037 Grid Configurator 7.4 High2025-05-12
CVE-2025-3462 ASUS DriverHub 安全漏洞 — DriverHub 10.0AICriticalAI2025-05-09
CVE-2025-43929 kitty 安全漏洞 — kitty 4.1 Medium2025-04-20
CVE-2025-3651 Command Injection in iManage Work Desktop for Mac's Agent Service — Work Desktop for Mac 8.4AIHighAI2025-04-17
CVE-2024-45354 xiaomi shop application Webview has code execution vulnerability — Xiaomi shop application 4.3 Medium2025-03-27
CVE-2024-45353 quick App has intent redriction vulnerability — quick app framework 4.3 Medium2025-03-27
CVE-2024-45352 Xiaomi smarthome application Webview has code execution vulnerability — Xiaomi smarthome application 8.8 High2025-03-27
CVE-2024-10956 Cross-Site WebSocket Hijacking in binary-husky/gpt_academic — binary-husky/gpt_academic 6.1 -2025-03-20
CVE-2024-8487 CORS Vulnerability in modelscope/agentscope — modelscope/agentscope 9.1 -2025-03-20
CVE-2024-8183 CORS Misconfiguration in prefecthq/prefect — prefecthq/prefect 9.1 -2025-03-20
CVE-2024-11602 CORS Vulnerability in feast-dev/feast — feast-dev/feast 7.5 -2025-03-20
CVE-2024-6844 Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors — corydolphin/flask-cors 6.5 -2025-03-20
CVE-2024-8024 CORS Misconfiguration in netease-youdao/qanything — netease-youdao/qanything 7.5 -2025-03-20
CVE-2024-7819 CORS Misconfiguration in danswer-ai/danswer — danswer-ai/danswer 6.5 -2025-03-20
CVE-2025-2346 IROAD Dash Cam X5/Dash Cam X6 Domain origin validation — Dash Cam X5 5.6 Medium2025-03-16
CVE-2025-25306 Misskey's Incomplete Patch of CVE-2024-52591 Leads to Forgery of Federated Notes — misskey 9.3 Critical2025-03-10
CVE-2025-25302 Rembg CORS misconfiguration — rembg 5.9 -2025-03-03
CVE-2025-1102 Q-Free MAXTIME Suite 访问控制错误漏洞 — MaxTime 5.5 Medium2025-02-12
CVE-2024-55948 Anonymous cache poisoning via XHR requests in Discourse — discourse 8.2 High2025-02-04
CVE-2025-23023 Anonymous cache poisoning via request headers in Discourse — discourse 8.2 High2025-02-04

Vulnerabilities classified as CWE-346 (源验证错误) represent 152 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.