CWE-668 (Exposure of Resource to Wrong Sphere) — Vulnerability Class 126

126 vulnerabilities classified as CWE-668 (Exposure of Resource to Wrong Sphere). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-6830 | Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch — hermes-webui | 3.3 | Low | 2026-04-21 |
| CVE-2026-32690 | Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1 — Apache Airflow | 7.5 (AI) | High (AI) | 2026-04-18 |
| CVE-2026-30912 | Apache Airflow: Exposing stack trace in case of constraint error — Apache Airflow | 7.5 (AI) | High (AI) | 2026-04-18 |
| CVE-2025-54502 | AMD EPYC Processor security vulnerability — AMD EPYC™ 9004 Series Processors | 7.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-35658 | OpenClaw < 2026.3.2 - Filesystem Boundary Bypass in Image Tool — OpenClaw | 6.5 | Medium | 2026-04-10 |
| CVE-2026-39911 | Hashgraph Guardian 3.5.0 Unsandboxed JavaScript Execution RCE — guardian | 8.8 | High | 2026-04-09 |
| CVE-2026-34538 | Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure) — Apache Airflow | 6.5 (AI) | Medium (AI) | 2026-04-09 |
| CVE-2026-34765 | Electron named window.open targets not scoped to the opener's browsing context — electron | 6.0 | Medium | 2026-04-07 |
| CVE-2026-34217 | SandboxJS has a Sandbox Escape via Prop Object Leak in New Handler — SandboxJS | 9.3 (AI) | Critical (AI) | 2026-04-06 |
| CVE-2026-34780 | Electron: Context Isolation bypass via contextBridge VideoFrame transfer — electron | 8.4 | High | 2026-04-04 |
| CVE-2026-20160 | Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability — Cisco Smart Software Manager On-Prem | 9.8 | Critical | 2026-04-01 |
| CVE-2026-33573 | OpenClaw < 2026.3.11 - Workspace Boundary Bypass via Agent RPC Parameters — OpenClaw | 8.8 | High | 2026-03-29 |
| CVE-2026-28779 | Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications — Apache Airflow | 9.8 (AI) | Critical (AI) | 2026-03-17 |
| CVE-2026-27466 | BigBlueButton: Exposed ClamAV port enables Denial of Service — bigbluebutton | 7.2 | High | 2026-02-21 |
| CVE-2026-26057 | Skill Scanner Unsecured Network Binding Vulnerability — skill-scanner | 6.5 | Medium | 2026-02-19 |
| CVE-2025-61917 | n8n Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner — n8n | 7.7 | High | 2026-02-04 |
| CVE-2026-23763 | VB-Audio Matrix Drivers Local Privilege Escalation via Kernel Memory Exposure — Matrix | 7.8 (AI) | High (AI) | 2026-01-22 |
| CVE-2025-25176 | GPU DDK - GPU Register value contents leaked from secure workloads to non-secure world — Graphics DDK | 8.1 (AI) | High (AI) | 2026-01-13 |
| CVE-2025-9074 | Docker Desktop allows unauthenticated access to Docker Engine API from containers — Docker Desktop | 8.1 (AI) | High (AI) | 2025-08-20 |
| CVE-2025-54126 | WebAssembly Micro Runtime's `--addr-pool` option allows all IPv4 addresses when subnet mask is not specified — wasm-micro-runtime | 9.1 (AI) | Critical (AI) | 2025-07-29 |
| CVE-2025-8107 | Oracle GoldenGate security vulnerability — OceanBase Server | 6.3 | Medium | 2025-07-24 |
| CVE-2025-34119 | EasyCafe Server 2.2.14 Remote File Disclosure via Opcode 0x43 — EasyCafe Server | 7.5 (AI) | High (AI) | 2025-07-16 |
| CVE-2025-6788 | Schneider Electric EcoStruxure Power Monitoring Expert and Schneider Electric EcoStruxure Power Operation security vulnerability — EcoStruxure™ Power Monitoring Expert | 5.4 (AI) | Medium (AI) | 2025-07-11 |
| CVE-2025-34064 | OneLogin AD Connector Log S3 Bucket Hijack Leading to Cross-Tenant Data Leakage — OneLogin Active Directory Connector (ADC) | 8.1 (AI) | High (AI) | 2025-07-01 |
| CVE-2025-46707 | GPU DDK - Guest VM can override its own FW VZ connection state after the FW has close it — Graphics DDK | 7.8 (AI) | High (AI) | 2025-06-27 |
| CVE-2025-49574 | Quarkus potential data leak when duplicating a duplicated context — quarkus | 6.4 | Medium | 2025-06-23 |
| CVE-2025-32783 | XWiki allows unregistered users to see "public" messages from a closed wiki via notifications from a different wiki — xwiki-platform | 4.7 | Medium | 2025-04-16 |
| CVE-2025-32428 | Jupyter Remote Desktop Proxy makes TigerVNC accessible via the network and not just via a UNIX socket as intended — jupyter-remote-desktop-proxy | 8.8 (AI) | High (AI) | 2025-04-14 |
| CVE-2025-21608 | Forged packets over MQTT can show up in direct messages in Meshtastic firmware — firmware | 5.3 | - | 2025-02-18 |
| CVE-2024-13484 | Openshift-gitops-operator-container: namespace isolation break | 8.2 | High | 2025-01-28 |

Vulnerabilities classified as CWE-668 (Exposure of Resource to Wrong Sphere) represent 126 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.