CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')) — Vulnerability Class 373

373 vulnerabilities classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-6331 | Injection by Prompt Injection in stitionai/devika — stitionai/devika | 7.5 | High | 2024-08-04 |
| CVE-2024-41127 | Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its `ci-failure-comment.yml` GitHub Workflow, enabling attackers to gain `pull-requests` write access. — monkeytype | 8.4 | High | 2024-08-02 |
| CVE-2024-39320 | Discourse allows iframe injection though default site setting — discourse | 6.1 | Medium | 2024-07-30 |
| CVE-2024-26020 | Ankitects Anki injection vulnerability — Anki | 9.6 | Critical | 2024-07-22 |
| CVE-2024-41122 | Custom environment variables allow to alter execution flow of plugins in Woodpecker — woodpecker | 7.5 | High | 2024-07-19 |
| CVE-2024-41121 | Custom workspace allow to overwrite plugin entrypoint executable in Woodpecker — woodpecker | 8.8 | High | 2024-07-19 |
| CVE-2024-39906 | Remote code execution in Haven IndieAuthClient (GHSL-2024-093) — haven | 8.4 | High | 2024-07-19 |
| CVE-2024-41111 | BishopFox Sliver Authenticated Remote Code Execution — sliver | 7.2 | High | 2024-07-18 |
| CVE-2024-20429 | Cisco Secure Email security vulnerability — Cisco Secure Email | 6.5 | Medium | 2024-07-17 |
| CVE-2024-40637 | Implicit override for built-in materializations from installed packages in dbt-core — dbt-core | 4.2 | Medium | 2024-07-16 |
| CVE-2024-38700 | WordPress WPCS – WordPress Currency Switcher Professional plugin <= 1.2.0.3 - Arbitrary Shortcode Execution vulnerability — WPCS | 6.5 | Medium | 2024-07-12 |
| CVE-2024-36522 | Apache Wicket: Remote code execution via XSLT injection — Apache Wicket | 9.8 (AI) | Critical (AI) | 2024-07-12 |
| CVE-2024-37442 | WordPress Photo Gallery by Ays – Responsive Image Gallery plugin < 5.7.1 - HTML Injection vulnerability — Photo Gallery by Ays | 3.8 | Low | 2024-07-09 |
| CVE-2024-37253 | WordPress WPDirectoryKit plugin <= 1.3.6 - HTML Injection vulnerability — WP Directory Kit | 2.7 | Low | 2024-07-09 |
| CVE-2024-35777 | WordPress WooCommerce plugin <= 8.9.2 - Content Injection vulnerability — WooCommerce | 3.5 | Low | 2024-07-09 |
| CVE-2024-6470 | playSMS Template injection — playSMS | 2.7 | Low | 2024-07-03 |
| CVE-2024-6469 | playSMS Template injection — playSMS | 2.7 | Low | 2024-07-03 |
| CVE-2024-38366 | CoacoaPods trunk RCE in email verification system rfc-822 — CocoaPods | 10.0 | Critical | 2024-07-01 |
| CVE-2024-36420 | GHSL-2023-232: Flowise Path Injection at /api/v1/openai-assistants-file — Flowise | 7.5 | High | 2024-07-01 |
| CVE-2024-35728 | WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability — PPOM for WooCommerce | 5.3 | Medium | 2024-06-10 |
| CVE-2024-5184 | Prompt Injection in EmailGPT — EmailGPT | 6.5 | Medium | 2024-06-05 |
| CVE-2023-23738 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email Spoofing Vulnerability — Spectra | 5.3 | Medium | 2024-06-03 |
| CVE-2024-34697 | Freescout vulnerable to Stored HTML Injection in Editing Received Emails — freescout | 7.6 | High | 2024-05-13 |
| CVE-2024-32986 | Arbitrary code execution due to improper sanitization of web app properties in PWAsForFirefox — PWAsForFirefox | 9.7 | Critical | 2024-05-03 |
| CVE-2024-34062 | tqdm CLI arguments injection attack — tqdm | 4.8 | Medium | 2024-05-03 |
| CVE-2024-28234 | Contao has insufficient BBCode sanitizer — contao | 4.3 | Medium | 2024-04-09 |
| CVE-2024-28191 | Contao may have unencoded insert tags in the frontend — contao | 3.1 | Low | 2024-04-09 |
| CVE-2024-3366 | Xuxueli xxl-job Template JdkSerializeTool.java deserialize injection — xxl-job | 3.5 | Low | 2024-04-06 |
| CVE-2024-28867 | Swift Prometheus un-sanitized metric name or labels can be used to take over exported metrics — swift-prometheus | 5.9 | Medium | 2024-03-29 |
| CVE-2024-29896 | Astro-Shield's Content-Security-Policy header generation in middleware could be compromised by malicious injections — astro-shield | 7.5 | High | 2024-03-28 |

Vulnerabilities classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')) represent 373 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.