CWE-653 (Insufficient Compartmentalization) — Vulnerability Class 34

34 vulnerabilities classified as CWE-653 (Insufficient Compartmentalization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2026-5600 | pretix security vulnerability — pretix | 4.3 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-5599 | API allows deletion of users of other instance — Venueless | 6.5 (AI) | Medium (AI) | 2026-04-05 |
| CVE-2026-34775 | Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes — electron | 6.8 | Medium | 2026-04-03 |
| CVE-2026-4325 | Keycloak: keycloak: replay of action tokens via improper handling of single-use entries — Red Hat build of Keycloak 26.2 | 5.3 | Medium | 2026-04-02 |
| CVE-2026-4282 | Keycloak: keycloak: privilege escalation via forged authorization codes due to singleuseobjectprovider isolation flaw — Red Hat build of Keycloak 26.2 | 7.4 | High | 2026-04-02 |
| CVE-2025-12805 | Llama-stack-k8s-operator: llama stack service exposed across namespaces due to missing networkpolicy — Red Hat OpenShift AI 2.25 | 8.1 | High | 2026-03-26 |
| CVE-2026-0542 | Remote Code Execution in ServiceNow AI Platform — ServiceNow AI Platform | 9.8 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-25905 | Lack of isolation in mcp-run-python leads to MCP server takeover | 5.8 | Medium | 2026-02-09 |
| CVE-2025-53710 | Network boundaries not respected in certain Foundry namespaces. — com.palantir.compute:compute-service | 7.5 | High | 2025-12-18 |
| CVE-2025-46215 | Fortinet FortiSandbox security vulnerability — FortiSandbox | 5.0 | Medium | 2025-11-18 |
| CVE-2025-41116 | Incorrect oauth passthrough in Grafana Databricks Datasource — Grafana Databricks Datasource Plugin | 7.5 | - | 2025-11-11 |
| CVE-2025-3717 | Incorrect oauth passthrough in Grafana Snowflake Datasource — Grafana Snowflake Datasource Plugin | 5.3 | - | 2025-11-11 |
| CVE-2025-12695 | Insecure configuration in DSPy lead to arbitrary file read when running untrusted code inside the sandbox | 5.9 | Medium | 2025-11-04 |
| CVE-2025-57738 | Apache Syncope: Remote Code Execution by delegated administrators — Apache Syncope | 7.2 (AI) | High (AI) | 2025-10-20 |
| CVE-2025-34201 | Vasion Print (formerly PrinterLogic) Lack of Network Segmentation Between Docker Instances — Print Virtual Appliance Host | 9.6 | - | 2025-09-19 |
| CVE-2025-41688 | High Privilege RCE via LUA Sandbox Escape — mbNET HW1 | 7.2 | High | 2025-07-31 |
| CVE-2025-27027 | Restricted shell evasion in Radiflow iSAP Smart Collector — iSAP Smart Collector | 4.1 | Medium | 2025-07-09 |
| CVE-2025-5476 | Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability — XAV-AX8500 | 8.8 (AI) | High (AI) | 2025-06-21 |
| CVE-2024-35281 | Fortinet FortiClientMAC and Fortinet FortiVoiceUCDesktop security vulnerability — FortiClientMac | 2.3 | Low | 2025-05-13 |
| CVE-2025-3086 | User in anonymous role could create and delete views — M-Files Server | 7.1 (AI) | High (AI) | 2025-04-04 |
| CVE-2025-1974 | ingress-nginx admission controller RCE escalation — ingress-nginx | 9.8 | Critical | 2025-03-24 |
| CVE-2025-26393 | SolarWinds Service Desk Broken Access Control Vulnerability — Service Desk | 5.4 | Medium | 2025-03-17 |
| CVE-2025-21590 | Junos OS: An local attacker with shell access can execute arbitrary code — Junos OS | 4.4 | Medium | 2025-03-12 |
| CVE-2025-24986 | Azure Promptflow Remote Code Execution Vulnerability — Azure promptflow-core | 6.5 | Medium | 2025-03-11 |
| CVE-2024-0137 | NVIDIA Container Toolkit security vulnerability — NVIDIA Container Toolkit | 5.5 | Medium | 2025-01-28 |
| CVE-2024-0136 | NVIDIA Container Toolkit security vulnerability — NVIDIA Container Toolkit | 7.6 | High | 2025-01-28 |
| CVE-2024-0135 | NVIDIA Container Toolkit security vulnerability — NVIDIA Container Toolkit | 7.6 | High | 2025-01-28 |
| CVE-2024-47520 | A user with advanced report application access rights can perform actions for which they are not authorized — Arista Edge Threat Management | 7.6 | High | 2025-01-10 |
| CVE-2024-53855 | User can view tickets from organizations they're not apart of in centurion_erp — centurion_erp | 1.9 | Low | 2024-11-27 |
| CVE-2024-49373 | Centurion ERP user can view projects from organizations they're not apart of — centurion_erp | 4.1 | Medium | 2024-10-22 |

Vulnerabilities classified as CWE-653 (Insufficient Compartmentalization) represent 34 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.