CWE-436 (Interpretation Conflict) — Vulnerability Class 41

41 vulnerabilities classified as CWE-436 (Interpretation Conflict). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2026-41248 | Official Clerk JavaScript SDKs: Middleware-based route protection bypass — astro | 9.1 | Critical | 2026-04-24 |
| CVE-2026-33804 | @fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option — @fastify/middie | 7.4 | High | 2026-04-16 |
| CVE-2026-6270 | @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes — @fastify/middie | 9.1 | Critical | 2026-04-16 |
| CVE-2026-33807 | @fastify/express vulnerable to middleware path doubling causing authentication bypass in child plugin scopes — @fastify/express | 9.1 | Critical | 2026-04-15 |
| CVE-2026-33808 | @fastify/express vulnerable to middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons) — @fastify/express | 9.1 | - | 2026-04-15 |
| CVE-2026-35200 | Parse Server has a file upload Content-Type override via extension mismatch — parse-server | 8.2 (AI) | High (AI) | 2026-04-06 |
| CVE-2026-32762 | Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing — rack | 4.8 | Medium | 2026-04-02 |
| CVE-2026-26961 | Rack: Multipart Boundary Parsing Ambiguity allowing WAF Bypass — rack | 3.7 | Low | 2026-04-02 |
| CVE-2026-32065 | OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution — OpenClaw | 4.8 | Medium | 2026-03-21 |
| CVE-2026-32052 | OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers — OpenClaw | 6.4 | Medium | 2026-03-21 |
| CVE-2026-32766 | astral-tokio-tar insufficiently validates PAX extensions during extraction — tokio-tar | 9.1 | - | 2026-03-20 |
| CVE-2026-27444 | Header Email Address Parsing — Secure Email Gateway | 9.1 (AI) | Critical (AI) | 2026-03-04 |
| CVE-2026-0958 | Interpretation Conflict in GitLab — GitLab | 7.5 | High | 2026-02-11 |
| CVE-2026-25223 | Fastify's Content-Type header tab character allows body validation bypass — fastify | 7.5 | High | 2026-02-03 |
| CVE-2025-66490 | Traefik doesn't Prevent Path Normalization Bypass in Router + Middleware Rules — traefik | 9.8 (AI) | Critical (AI) | 2025-12-09 |
| CVE-2025-54368 | uv is vulnerable to ZIP payload obfuscation through parsing differentials — uv | 9.1 | - | 2025-08-08 |
| CVE-2025-48384 | Git allows arbitrary code execution through broken config quoting — git | 8.1 | High | 2025-07-08 |
| CVE-2025-24013 | CodeIgniter validation of header name and value — CodeIgniter4 | 5.3 | Medium | 2025-01-20 |
| CVE-2024-20293 | Cisco Firepower Threat Defense and Cisco Adaptive Security Appliance security vulnerability — Cisco Adaptive Security Appliance (ASA) Software | 5.8 | Medium | 2024-05-22 |
| CVE-2023-39481 | Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability — Secure Integration Server | 8.8 | - | 2024-05-03 |
| CVE-2024-3386 | PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended — PAN-OS | 5.3 | Medium | 2024-04-10 |
| CVE-2024-29034 | CarrierWave's Content-Type allowlist bypass vulnerability which possibly leads to XSS remained — carrierwave | 6.8 | Medium | 2024-03-24 |
| CVE-2024-24754 | Bref Body Parsing Inconsistency in Event-Driven Functions — bref | 3.7 | Low | 2024-02-01 |
| CVE-2024-24753 | Bref Multiple Value Headers Not Supported in ApiGatewayFormatV2 — bref | 4.8 | Medium | 2024-02-01 |
| CVE-2023-49284 | Command substitution output can trigger shell expansion in fish shell — fish-shell | 3.9 | Low | 2023-12-04 |
| CVE-2023-40718 | Fortinet FortiOS IPS Engine security vulnerability — IPS Engine | 6.7 | High | 2023-10-10 |
| CVE-2023-36456 | Authentik lacks Proxy IP headers validation — authentik | 8.3 | High | 2023-07-06 |
| CVE-2023-30541 | TransparentUpgradeableProxy clashing selector calls may not be delegated in @openzeppelin/contracts — openzeppelin-contracts | 5.3 | Medium | 2023-04-17 |
| CVE-2023-30536 | Insecure header validation in slim/psr7 — Slim-Psr7 | 6.5 | Medium | 2023-04-17 |
| CVE-2023-29197 | Improper header name validation in guzzlehttp/psr7 — psr7 | 5.3 | Medium | 2023-04-17 |

41 CVEs are classified as CWE-436 (Interpretation Conflict). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.