CWE-470 (Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')) — Vulnerability Class 32

32 vulnerabilities classified as CWE-470 (Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-41175 | Statamic: Unsafe method invocation via query value resolution allows data destruction — cms | 8.1 | High | 2026-04-22 |
| CVE-2018-25239 | Smart VPN 1.1.3.0 Denial of Service via Search — Smart VPN | 6.2 | Medium | 2026-04-04 |
| CVE-2026-23923 | Unauthenticated arbitrary PHP class instantiation — Zabbix | 9.8 | - | 2026-03-24 |
| CVE-2026-33157 | Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior — cms | 8.8 | - | 2026-03-24 |
| CVE-2026-32264 | Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController — cms | 7.2 (AI) | High (AI) | 2026-03-16 |
| CVE-2026-32263 | Craft CMS vulnerable to behavior injection RCE via EntryTypesController — cms | 9.1 (AI) | Critical (AI) | 2026-03-16 |
| CVE-2026-25498 | Craft has a potential authenticated Remote Code Execution via malicious attached Behavior — cms | 7.2 (AI) | High (AI) | 2026-02-09 |
| CVE-2025-68455 | Craft CMS vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior — cms | 7.2 | - | 2026-01-05 |
| CVE-2025-34393 | Barracuda RMM < 2025.1.1 Service Center Insecure Reflection RCE — RMM | 9.8 (AI) | Critical (AI) | 2025-12-10 |
| CVE-2025-12967 | Npgsql security vulnerability — JDBC Wrapper | 8.0 | High | 2025-11-10 |
| CVE-2025-61925 | Astro's `X-Forwarded-Host` is reflected with no validation — astro | 6.5 | Medium | 2025-10-10 |
| CVE-2025-53693 | HTML Cache Poisoning through Unsafe Reflections — Sitecore Experience Manager (XM) | 9.8 | Critical | 2025-09-03 |
| CVE-2025-31119 | CWE-470 in generator-jhipster-entity-audit when having Javers selected as Entity Audit Framework — generator-jhipster-entity-audit | 7.7 | High | 2025-04-03 |
| CVE-2025-2794 | Kentico Xperience <= 13.0.180 Unsafe Reflection — Xperience | 7.5 | - | 2025-03-31 |
| CVE-2024-4990 | Unsafe Reflection in base Component class in yiisoft/yii2 — yiisoft/yii2 | 9.8 | - | 2025-03-20 |
| CVE-2024-53850 | The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation — addressing | 8.2 | High | 2024-12-26 |
| CVE-2024-7059 | Genetec Security Center security vulnerability — Genetec Security Center | 8.0 | High | 2024-11-05 |
| CVE-2024-8015 | Telerik Report Server Insecure Type Resolution — Telerik Reporting | 9.1 | Critical | 2024-10-09 |
| CVE-2024-8048 | Telerik Reporting Insecure Expression Evaluation — Telerik Reporting | 7.8 | High | 2024-10-09 |
| CVE-2024-8014 | Telerik Reporting EntityDataSource Insecure Type Resolution — Telerik Reporting | 8.8 | High | 2024-10-09 |
| CVE-2024-6096 | Unsafe Deserialization Vulnerability — Telerik Reporting | 8.8 | High | 2024-07-24 |
| CVE-2024-1574 | Mitsubishi Electric MC Works64 security vulnerability — GENESIS64 | 6.7 | Medium | 2024-07-04 |
| CVE-2024-28121 | Reflex arbitrary method call in stimulus_reflex — stimulus_reflex | 8.8 | High | 2024-03-12 |
| CVE-2023-6943 | Security vulnerability in multiple Mitsubishi Electric products — EZSocket | 9.8 | Critical | 2024-01-30 |
| CVE-2024-0200 | Unsafe Reflection in Github Enterprise Server leading to Command Injection — Enterprise Server | 7.2 | High | 2024-01-16 |
| CVE-2023-32217 | SailPoint IdentityIQ Unsafe use of Reflection Vulnerability — IdentityIQ | 9.0 | Critical | 2023-05-31 |
| CVE-2023-0460 | Remote code execution in YouTube Android Player API SDK — YouTube Android Player API SDK | 5.1 | Medium | 2023-03-01 |
| CVE-2022-41853 | Remote code execution in HyperSQL DataBase — hsqldb | 8.0 | High | 2022-10-06 |
| CVE-2022-23744 | Check Point Endpoint Security Client security vulnerability — Enterprise Endpoint Security Windows Clients. | 3.4 | - | 2022-07-07 |
| CVE-2020-7857 | Tobesoft Xplatform input validation error vulnerability — XPlatform | 7.5 | High | 2021-04-20 |

Vulnerabilities classified as CWE-470 (Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')) represent 32 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.