CWE-472 (External Control of Assumed-Immutable Web Parameter) — Vulnerability Class 70

70 vulnerabilities classified as CWE-472 (External Control of Assumed-Immutable Web Parameter). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-47817 | Checkmate security vulnerability — Checkmate | 8.8 | High | 2025-05-10 |
| CVE-2025-35939 | Craft CMS stores user-provided content in session files — CMS | 5.3 | Medium | 2025-05-07 |
| CVE-2025-47245 | Checkmate security vulnerability — Checkmate | 8.1 | High | 2025-05-03 |
| CVE-2025-3743 | Upsell Funnel Builder for WooCommerce <= 3.0.0 - Unauthenticated Order Manipulation — Upsell Funnel Builder for WooCommerce – Create Upsells, Cross-Sells, Order Bumps, Frequently Bought, and Popups. | 5.3 | Medium | 2025-04-25 |
| CVE-2025-3530 | WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Product Price Manipulation — Simple Shopping Cart | 7.5 | High | 2025-04-23 |
| CVE-2025-31327 | OData meta-data property entity tampering in SAP Field Logistics — SAP Field Logistics | 4.3 | Medium | 2025-04-22 |
| CVE-2025-32816 | CourseLit security vulnerability — CourseLit | 3.1 | Low | 2025-04-11 |
| CVE-2025-31333 | Odata meta-data tampering in SAP S4CORE entity — SAP S4CORE entity | 4.3 | Medium | 2025-04-08 |
| CVE-2025-30152 | Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout — PayPalPlugin | 6.5 | Medium | 2025-03-19 |
| CVE-2025-30236 | Shearwater SecurEnvoy SecurAccess Enrol security vulnerability — SecurAccess | 8.6 | High | 2025-03-19 |
| CVE-2025-29788 | Sylius PayPal Plugin Payment Amount Manipulation Vulnerability — PayPalPlugin | 6.5 | Medium | 2025-03-17 |
| CVE-2025-26312 | SendQuick Entera security vulnerability — Entera | 9.1 | - | 2025-03-14 |
| CVE-2025-27893 | Archer Platform security vulnerability — Archer | 1.8 | Low | 2025-03-11 |
| CVE-2025-0436 | Google Chrome security vulnerability — Chrome | 8.8 | - | 2025-01-15 |
| CVE-2025-22384 | Optimizely Configured Commerce security vulnerability — n/a | 5.3 | - | 2025-01-04 |
| CVE-2024-50703 | TeamPass security vulnerability — TeamPass | 5.4 | Medium | 2024-12-30 |
| CVE-2024-12123 | Unauthorized Modification of Ticket Requester — Issuetrak | 4.3 | - | 2024-12-04 |
| CVE-2024-7025 | Microsoft Edge security vulnerability — Chrome | 8.8 | - | 2024-11-27 |
| CVE-2024-9123 | Google Chrome security vulnerability — Chrome | 8.8 (AI) | High (AI) | 2024-09-24 |
| CVE-2024-6010 | Cost Calculator Builder PRO <= 3.2.1 - Unauthenticated Price Manipulation — Cost Calculator Builder PRO | 5.3 | Medium | 2024-09-07 |
| CVE-2023-38520 | WordPress Pinpoint Booking System plugin <= 2.9.9.3.4 - Parameter Tampering — Pinpoint Booking System | 6.5 | Medium | 2024-06-04 |
| CVE-2023-24373 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Bypass vulnerability — Booking calendar, Appointment Booking System | 3.7 | Low | 2024-06-03 |
| CVE-2024-3649 | Contact Form by WPForms – Drag & Drop Form Builder for WordPress <= 1.8.7.2 - Unauthenticated Price Manipulation — WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | 5.3 | Medium | 2024-05-02 |
| CVE-2024-25153 | Remote Code Execution in FileCatalyst Workflow 5.x prior to 5.1.6 Build 114 — FileCatalyst | 9.8 | Critical | 2024-03-13 |
| CVE-2023-28512 | IBM Watson CP4D Data Stores improper input validation — Watson CP4D Data Stores | 5.9 | Medium | 2024-03-03 |
| CVE-2024-22049 | httparty Multipart/Form-Data Request Tampering Vulnerability | 6.5 (AI) | Medium (AI) | 2024-01-04 |
| CVE-2022-30597 | Moodle security vulnerability — moodle | 5.3 | - | 2022-05-18 |
| CVE-2021-27770 | HCL Sametime is vulnerable to arbitrary HTTP requests — Sametime | 6.8 | Medium | 2022-05-12 |
| CVE-2021-27769 | HCL Sametime is vulnerable to an information disclosure — Sametime | 5.3 | Medium | 2022-05-12 |
| CVE-2021-1290 | Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities — Cisco Small Business RV Series Router Firmware | 9.8 | Critical | 2021-02-04 |

Vulnerabilities classified as CWE-472 (External Control of Assumed-Immutable Web Parameter) represent 70 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.