CWE-636 (Not Failing Securely ('Failing Open')) — Vulnerability Class 18

18 vulnerabilities classified as CWE-636 (Not Failing Securely ('Failing Open')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41334 | OpenClaw < 2026.3.31 - Decompression Bomb Denial of Service via Image Pixel-Limit Guard Bypass — OpenClaw | 6.5 | Medium | 2026-04-23 |
| CVE-2026-40525 | OpenViking < 0.3.9 Authentication Bypass via VikingBot OpenAPI — OpenViking | 9.1 | Critical | 2026-04-17 |
| CVE-2026-35205 | Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install — helm | 8.1 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-32970 | OpenClaw < 2026.3.11 - Credential Fallback Logic Bypass via Unavailable Local Auth SecretRefs — OpenClaw | 2.5 | Low | 2026-03-31 |
| CVE-2026-27448 | pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback — pyopenssl | 5.3 | - | 2026-03-17 |
| CVE-2025-41760 | Pass filter with Empty Table — UBR-01 Mk II | 4.9 | Medium | 2026-03-09 |
| CVE-2025-41759 | Use of wildcard (“*” or “all”) in Block list — UBR-01 Mk II | 4.9 | Medium | 2026-03-09 |
| CVE-2026-22034 | Snuffleupagus vulnerable to RCE on instances with upload validation enabled but without the VLD package — snuffleupagus | 9.8 | - | 2026-01-08 |
| CVE-2025-54870 | VTun-ng's failure to initialize encryption modules may cause reversion to plaintext — vtun-ng | 7.5 (AI) | High (AI) | 2025-08-05 |
| CVE-2025-21210 | Windows BitLocker Information Disclosure Vulnerability — Windows 10 Version 1507 | 4.2 | Medium | 2025-01-14 |
| CVE-2024-8185 | Vault Vulnerable to Denial of Service When Processing Raft Join Requests — Vault | 7.5 | High | 2024-10-31 |
| CVE-2024-43532 | Remote Registry Service Elevation of Privilege Vulnerability — Windows 10 Version 1809 | 8.8 | High | 2024-10-08 |
| CVE-2024-3729 | Frontend Admin by DynamiApps <= 3.19.4 - Improper Missing Encryption Exception Handling to Form Manipulation — Frontend Admin by DynamiApps | 9.8 | Critical | 2024-05-02 |
| CVE-2024-2660 | Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses — Vault | 6.4 | Medium | 2024-04-04 |
| CVE-2023-4030 | Lenovo ThinkPad security vulnerability — ThinkPad | 8.4 | High | 2023-08-17 |
| CVE-2023-22943 | Modular Input REST API Requests Connect via HTTP after Certificate Validation Failure in Splunk Add-on Builder and Splunk CloudConnect SDK — Splunk Add-on Builder | 4.8 | Medium | 2023-02-14 |
| CVE-2021-1578 | Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability — Cisco Application Policy Infrastructure Controller (APIC) | 8.8 | High | 2021-08-25 |
| CVE-2021-3614 | Lenovo BIOS security vulnerability — Notebook BIOS | 6.4 | Medium | 2021-07-16 |

Vulnerabilities classified as CWE-636 (Not Failing Securely ('Failing Open')) represent 18 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.