CWE-706 (Use of Incorrectly-Resolved Name or Reference) — Vulnerability Class 35

35 vulnerabilities classified as CWE-706 (Use of Incorrectly-Resolved Name or Reference). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41402 | OpenClaw < 2026.3.31 - Webhook Replay Cache Cross-Target messageId Scope Bypass — OpenClaw | 4.2 | Medium | 2026-04-28 |
| CVE-2026-42254 | Hickory DNS security vulnerability — Hickory DNS | 4.0 | Medium | 2026-04-26 |
| CVE-2026-41354 | OpenClaw < 2026.4.2 - Insufficient Scope in Zalo Webhook Replay Dedupe Keys — OpenClaw | 3.7 | Low | 2026-04-23 |
| CVE-2026-35358 | uutils coreutils cp Semantic Loss and Potential Denial of Service with -R via Device Node Stream Reading — coreutils | 4.4 | Medium | 2026-04-22 |
| CVE-2026-35666 | OpenClaw < 2026.3.22 - Allowlist Bypass via Unregistered Time Dispatch Wrapper — OpenClaw | 8.8 | High | 2026-04-10 |
| CVE-2026-35635 | OpenClaw < 2026.3.22 - Webhook Path Route Replacement Vulnerability in Synology Chat — OpenClaw | 4.8 | Medium | 2026-04-09 |
| CVE-2026-33732 | srvx is vulnerable to middleware bypass via absolute URI in request line — srvx | 4.8 | Medium | 2026-03-26 |
| CVE-2026-33490 | h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes — h3 | 3.7 | Low | 2026-03-26 |
| CVE-2026-1230 | Use of Incorrectly-Resolved Name or Reference in GitLab — GitLab | 4.1 | Medium | 2026-03-11 |
| CVE-2026-30856 | WeKnora: Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection — WeKnora | 5.9 | Medium | 2026-03-07 |
| CVE-2026-25890 | File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL — filebrowser | 8.1 | High | 2026-02-09 |
| CVE-2026-25067 | SmarterTools SmarterMail < Build 9518 Unauthenticated background-of-the-day Path Coercion — SmarterMail | 9.8 (AI) | Critical (AI) | 2026-01-29 |
| CVE-2025-13437 | Arbitrary node_modules Directory Deletion in Google zx — zx | 5.5 | - | 2025-11-20 |
| CVE-2025-62378 | CommandKit exposes incorrect command name in context object for message command aliases — commandkit | 6.1 | Medium | 2025-10-15 |
| CVE-2025-58362 | Hono contains a flaw in URL path parsing, potentially leading to path confusion — hono | 7.5 | High | 2025-09-04 |
| CVE-2025-30357 | NamelessMC Forum Topic Deletion Triggered by Unrelated User Deletion — Nameless | 7.3 | High | 2025-04-18 |
| CVE-2025-29914 | OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME` — coraza | 5.4 | Medium | 2025-03-20 |
| CVE-2024-52515 | Nextcloud Server has incomplete sanitization of SVG files allows to embed other images into previews — security-advisories | 5.7 | Medium | 2024-11-15 |
| CVE-2024-51746 | Use of incorrect Rekor entries during verification in gitsign — gitsign | 6.5 | - | 2024-11-05 |
| CVE-2024-45305 | gix-path uses local config across repos when it is the highest scope — gitoxide | 2.5 | Low | 2024-09-02 |
| CVE-2024-35198 | TorchServe bypass allowed_urls configuration — serve | 9.8 | Critical | 2024-07-18 |
| CVE-2023-42125 | Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability — Premium Security | 7.8 | - | 2024-05-03 |
| CVE-2024-27295 | Directus MySQL accent insensitive email matching — directus | 8.2 | High | 2024-03-01 |
| CVE-2024-27292 | Docassemble unauthorized access through URL manipulation — docassemble | 7.5 | High | 2024-02-29 |
| CVE-2023-42451 | Mastodon Invalid Domain Name Normalization vulnerability — mastodon | 7.4 | High | 2023-09-19 |
| CVE-2023-28643 | Potential share collision for recipients when caching is enabled in nextcloud server — security-advisories | 5.5 | Medium | 2023-03-30 |
| CVE-2023-28628 | `authority-regex` returns the wrong authority in lambdaisland/uri — uri | 5.4 | Medium | 2023-03-27 |
| CVE-2022-31089 | Invalid file request can crashe parse-server — parse-server | 7.5 | High | 2022-06-27 |
| CVE-2022-27778 | curl security vulnerability — https://github.com/curl/curl | 8.1 | - | 2022-06-01 |
| CVE-2022-28198 | NVIDIA Omniverse security vulnerability — NVIDIA Omniverse Nucleus | 6.6 | Medium | 2022-04-29 |

Vulnerabilities classified as CWE-706 (Use of Incorrectly-Resolved Name or Reference) represent 35 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.