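CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')) — Vulnerability Class 373

373 vulnerabilities classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')). AI Chinese analysis included.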

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-7045 | baomidou dynamic-datasource StandardEvaluationContext/SpelExpressionParser DsSpelExpressionProcessor.java DsSpelExpressionProcessor#doDetermineDatasource injection — dynamic-datasource | 6.3 | Medium | 2026-04-26 |
| CVE-2026-6994 | Envoy Query Parameter header_mutation.cc params.add injection — Envoy | 6.3 | Medium | 2026-04-25 |
| CVE-2026-41319 | MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade — MailKit | 6.5 | Medium | 2026-04-24 |
| CVE-2026-1089 | User‑Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups — GoAnywhere MFT | 6.5 | Medium | 2026-04-21 |
| CVE-2026-0972 | HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT — GoAnywhere MFT | 5.4 | Medium | 2026-04-21 |
| CVE-2026-6599 | langflow-ai langflow Model Context Protocol Configuration API mcp_projects.py install_mcp_config injection — langflow | 6.3 | Medium | 2026-04-20 |
| CVE-2026-5797 | Quiz and Survey Master (QSM) <= 11.1.0 - Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields — Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | 5.3 | Medium | 2026-04-17 |
| CVE-2026-39419 | MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing — MaxKB | 3.1 | Low | 2026-04-14 |
| CVE-2026-35515 | @nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection') — nest | 6.5 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-5561 | Campcodes Complete POS Management and Inventory System Environment Variable SettingsController.php injection — Complete POS Management and Inventory System | 6.3 | Medium | 2026-04-05 |
| CVE-2026-34767 | Electron: HTTP Response Header Injection in custom protocol handlers and webRequest — electron | 5.9 | Medium | 2026-04-03 |
| CVE-2026-34041 | act: Unrestricted set-env and add-path command processing enables environment injection — act | 7.1 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-5002 | PromtEngineer localGPT LLM Prompt server.py _route_using_overviews injection — localGPT | 7.3 | High | 2026-03-28 |
| CVE-2026-32695 | Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass — traefik | 10.0 | - | 2026-03-27 |
| CVE-2026-33148 | URL Parameter Injection in FDC Food Search API Causes Server Crash and Exposes Internal API Key — recipes | 6.5 | Medium | 2026-03-26 |
| CVE-2026-30932 | Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API — froxlor | 7.5 | - | 2026-03-24 |
| CVE-2026-33475 | Langflow GitHub Actions Shell Injection — langflow | 9.1 | Critical | 2026-03-24 |
| CVE-2026-33202 | Rails Active Storage has possible glob injection in its DiskService — activestorage | 8.1 | - | 2026-03-23 |
| CVE-2026-4516 | Foundation Agents MetaGPT DataInterpreter write_analysis_code.py injection — MetaGPT | 6.3 | Medium | 2026-03-21 |
| CVE-2026-4511 | vanna-ai vanna legacy exec injection — vanna | 6.3 | Medium | 2026-03-21 |
| CVE-2026-4500 | bagofwords1 bagofwords code_execution.py generate_df injection — bagofwords | 6.3 | Medium | 2026-03-20 |
| CVE-2026-32616 | Pigeon has a Host Header Injection in email verification flow — Pigeon | 8.2 | High | 2026-03-13 |
| CVE-2026-3992 | CodeGenieApp serverless-express Users Endpoint dynamodb.ts injection — serverless-express | 6.3 | Medium | 2026-03-12 |
| CVE-2026-29777 | Traefik has a kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values — traefik | 5.4 (AI) | Medium (AI) | 2026-03-11 |
| CVE-2026-31816 | Budibase Universal Auth Bypass via Webhook Query Param Injection — budibase | 9.1 | Critical | 2026-03-09 |
| CVE-2026-3813 | opencc JFlow WF_CCForm.java Calculate injection — JFlow | 6.3 | Medium | 2026-03-09 |
| CVE-2026-29053 | Ghost Vulnerable to Remote Code Execution via Malicious Themes — Ghost | 7.7 | High | 2026-03-05 |
| CVE-2026-29085 | Hono: SSE Control Field Injection via CR/LF in writeSSE() — hono | 6.5 | Medium | 2026-03-04 |
| CVE-2026-26002 | OnDemand susceptible to malicious input when navigating to a directory. — ondemand | 8.0 (AI) | High (AI) | 2026-03-04 |
| CVE-2026-25750 | LangSmith Studio has URL Parameter Injection Vulnerability that Enables Token Theft via Malicious baseUrl — helm | 8.9 (AI) | High (AI) | 2026-03-04 |

Vulnerabilities classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')) represent 373 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.