CWE-472 (对假设不可变Web参数的外部可控制) — Vulnerability Class 70

70 vulnerabilities classified as CWE-472 (对假设不可变Web参数的外部可控制). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Paused
CVE-2026-41353	OpenClaw < 2026.3.22 - allowProfiles Bypass via Profile Mutation and Runtime Selection — OpenClaw	8.1	High	2026-04-23
CVE-2026-2519	Online Scheduling and Appointment Booking System – Bookly <= 27.0 - Unauthenticated Price Manipulation via 'tips' — Online Scheduling and Appointment Booking System – Bookly	5.3	Medium	2026-04-09
CVE-2026-5912	Google Chrome 安全漏洞 — Chrome	8.8^AI	High^AI	2026-04-08
CVE-2026-5910	Google Chrome 安全漏洞 — Chrome	8.8^AI	High^AI	2026-04-08
CVE-2026-5908	Google Chrome 安全漏洞 — Chrome	8.8^AI	High^AI	2026-04-08
CVE-2026-5909	Google Chrome 安全漏洞 — Chrome	8.8^AI	High^AI	2026-04-08
CVE-2026-5870	Google Chrome 安全漏洞 — Chrome	8.8^AI	High^AI	2026-04-08
CVE-2026-5859	Google Chrome 安全漏洞 — Chrome	8.8^AI	High^AI	2026-04-08
CVE-2026-34751	Payload has Unvalidated Input in Password Recovery Endpoints — payload	9.1	Critical	2026-04-01
CVE-2026-5277	Google Chrome 安全漏洞 — Chrome	8.8	-	2026-04-01
CVE-2026-5274	Google Chrome 安全漏洞 — Chrome	8.8	-	2026-04-01
CVE-2026-4679	Google Chrome 输入验证错误漏洞 — Chrome	8.8	-	2026-03-24
CVE-2026-4464	Google Chrome 输入验证错误漏洞 — Chrome	8.8	-	2026-03-20
CVE-2026-4453	Google Chrome 输入验证错误漏洞 — Chrome	6.5	-	2026-03-20
CVE-2026-4452	Google Chrome 输入验证错误漏洞 — Chrome	8.8	-	2026-03-20
CVE-2026-3914	Google Chrome 安全漏洞 — Chrome	8.8^AI	High^AI	2026-03-11
CVE-2026-3538	Google Chrome 安全漏洞 — Chrome	8.8^AI	High^AI	2026-03-04
CVE-2026-3536	Google Chrome 安全漏洞 — Chrome	8.8^AI	High^AI	2026-03-04
CVE-2026-2649	Google Chrome 安全漏洞 — Chrome	8.8^AI	High^AI	2026-02-18
CVE-2025-14750	External Control of Assumed-Immutable Web Parameter in Weintek cMT X Series HMI EasyWeb Service — cMT3072XH	8.0^AI	High^AI	2026-01-22
CVE-2025-67846	Mintlify 安全漏洞 — Mintlify Platform	4.9	Medium	2025-12-19
CVE-2025-66385	Cerebrate 安全漏洞 — Cerebrate	8.8	-	2025-11-28
CVE-2025-10891	Google Chrome 安全漏洞 — Chrome	8.8^AI	High^AI	2025-09-24
CVE-2025-10892	Google Chrome 安全漏洞 — Chrome	8.8^AI	High^AI	2025-09-24
CVE-2025-54551	FUJIFILM Synapse Mobility 安全漏洞 — Synapse Mobility	4.3	Medium	2025-08-20
CVE-2025-54832	OPEXUS FOIAXpress Public Access Link (PAL) state and territory list unauthorized modification — FOIAXpress Public Access Link (PAL)	4.3	Medium	2025-07-31
CVE-2025-8198	MinimogWP – The High Converting eCommerce WordPress Theme <= 3.9.0 - Unauthenticated Price Manipulation — MinimogWP – The High Converting eCommerce WordPress Theme	7.5	High	2025-07-26
CVE-2025-7656	Google Chrome 安全漏洞 — Chrome	8.8	-	2025-07-15
CVE-2025-6191	Google chrome 安全漏洞 — Chrome	8.8^AI	High^AI	2025-06-18
CVE-2025-43002	Missing Authorization check in SAP S4/HANA (OData meta-data property) — SAP S4/HANA (OData meta-data property)	4.3	Medium	2025-05-13

Vulnerabilities classified as CWE-472 (对假设不可变Web参数的外部可控制) represent 70 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Support Us — Your donation helps us keep running

CWE-472 (对假设不可变Web参数的外部可控制) — Vulnerability Class 70