CWE-693 (Protection Mechanism Failure) — Vulnerability Class 222

222 vulnerabilities classified as CWE-693 (Protection Mechanism Failure). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41316 | ERB has an @_init deserialization guard bypass via def_module / def_method / def_class — erb | 8.1 | High | 2026-04-24 |
| CVE-2026-41469 | Beghelli Sicuro24 SicuroWeb Missing Content Security Policy — SicuroWeb (Sicuro24) | 5.2 | Medium | 2026-04-22 |
| CVE-2026-40604 | ClearanceKit: opfilter system extension can be suspended or signalled by a root process, disabling file-access policy enforcement — clearancekit | 7.1 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-32225 | Windows Shell Security Feature Bypass Vulnerability — Windows 10 Version 1607 | 8.8 | High | 2026-04-14 |
| CVE-2026-32202 | Windows Shell Spoofing Vulnerability — Windows 10 Version 1607 | 4.3 | Medium | 2026-04-14 |
| CVE-2026-22692 | October CMS: Twig Sandbox Bypass via Collection Methods — october | 4.9 | Medium | 2026-04-14 |
| CVE-2026-39421 | MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect — MaxKB | 6.3 | Medium | 2026-04-14 |
| CVE-2026-39420 | MaxKB: Sandbox escape via LD_PRELOAD bypass — MaxKB | 6.3 | Medium | 2026-04-14 |
| CVE-2026-34208 | SandboxJS: Sandbox integrity escape — SandboxJS | 10.0 | Critical | 2026-04-06 |
| CVE-2026-34938 | PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code — PraisonAI | 10.0 | Critical | 2026-04-03 |
| CVE-2026-27893 | vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out — vllm | 8.8 | High | 2026-03-26 |
| CVE-2026-32947 | Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier) — harden-runner | 9.1 | - | 2026-03-20 |
| CVE-2026-32946 | Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier) — harden-runner | 8.6 | - | 2026-03-20 |
| CVE-2026-3965 | whyour qinglong API express.ts protection mechanism — qinglong | 6.3 | Medium | 2026-03-11 |
| CVE-2026-30938 | Parse Server has denylist `requestKeywordDenylist` keyword scan bypass through nested object placement — parse-server | 9.1 (AI) | Critical (AI) | 2026-03-10 |
| CVE-2025-58406 | Lack of HTTP Response Headers — CGM CLININET | 6.5 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-26994 | uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries — utls | 6.5 | Medium | 2026-02-20 |
| CVE-2026-21510 | Windows Shell Security Feature Bypass Vulnerability — Windows 10 Version 1607 | 8.8 | High | 2026-02-10 |
| CVE-2026-21513 | MSHTML Framework Security Feature Bypass Vulnerability — Windows 10 Version 1607 | 8.8 | High | 2026-02-10 |
| CVE-2026-25115 | n8n is vulnerable to Python sandbox escape — n8n | 9.9 (AI) | Critical (AI) | 2026-02-04 |
| CVE-2026-0620 | L2TP over IPSec Encryption Failure on ArcherAXE75 — AXE75 | 7.5 (AI) | High (AI) | 2026-02-03 |
| CVE-2026-1232 | Anti-Tamper Bypass in BeyondTrust Privilege Management for Windows — Privilege management for Windows | 6.7 (AI) | Medium (AI) | 2026-02-02 |
| CVE-2025-40536 | SolarWinds Web Help Desk Security Control Bypass Vulnerability — Web Help Desk | 8.1 | High | 2026-01-28 |
| CVE-2025-55249 | HCL AION is affected by a Missing Security Response Headers vulnerability. — AION | 3.5 | Low | 2026-01-19 |
| CVE-2026-22686 | Sandbox Escape via Host Error Prototype Chain in enclave-vm — enclave | 10.0 | Critical | 2026-01-13 |
| CVE-2026-20824 | Windows Remote Assistance Security Feature Bypass Vulnerability — Windows 10 Version 1607 | 5.5 | Medium | 2026-01-13 |
| CVE-2025-69264 | pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default" — pnpm | 8.8 | High | 2026-01-07 |
| CVE-2025-15422 | EmpireSoft EmpireCMS IP Address connect.php egetip protection mechanism — EmpireCMS | 5.3 | Medium | 2026-01-02 |
| CVE-2025-68668 | n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node — n8n | 9.9 | Critical | 2025-12-26 |
| CVE-2025-13326 | Mattermost Desktop App fails to enable Hardened Runtime when packaged for Mac App Store — Mattermost | 3.9 | Low | 2025-12-17 |

Vulnerabilities classified as CWE-693 (Protection Mechanism Failure) represent 222 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.