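CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')) — Vulnerability Class 373

373 vulnerabilities classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')). AI Chinese analysis included.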

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-31180 | Insufficient escaping of whitespace in shescape — shescape | 9.8 | Critical | 2022-08-01 |
| CVE-2016-15004 | InfiniteWP Client Plugin injection — InfiniteWP Client Plugin | 7.3 | High | 2022-07-23 |
| CVE-2022-31593 | SAP Business One client injection vulnerability — SAP Business One | 8.8 | - | 2022-07-12 |
| CVE-2022-34466 | Siemens Mendix Applications using Mendix 9 injection vulnerability — Mendix Applications using Mendix 9 | 7.5 | - | 2022-07-12 |
| CVE-2022-31126 | Unauthenticated Remote Code Execution in Roxy-wi — roxy-wi | 10.0 | Critical | 2022-07-06 |
| CVE-2022-31014 | SMTP Command Injection in iCalendar Attachments to emails via newlines in Nextcloud Server — security-advisories | 5.4 | Medium | 2022-07-05 |
| CVE-2022-31108 | Arbitrary `CSS` injection into the generated graph affecting the container HTML in mermaid.js — mermaid | 4.1 | Medium | 2022-06-28 |
| CVE-2022-31086 | Incorrect Regular Expressions in ldap-account-manager — lam | 8.8 | - | 2022-06-27 |
| CVE-2022-31087 | Incorrect Default Permissions in ldap-account-manager — lam | 7.8 | - | 2022-06-27 |
| CVE-2022-31088 | Unauthenticated LDAP Injection in ldap-account-manager — lam | 5.3 | - | 2022-06-27 |
| CVE-2020-36531 | SevOne Network Management System Device Manager Page injection — Network Management System | 6.3 | Medium | 2022-06-03 |
| CVE-2022-30991 | HTML injection via report name — Acronis Cyber Protect 15 | 7.2 | - | 2022-05-18 |
| CVE-2022-23068 | ToolJet - HTML Injection in Invite New User — ToolJet | 5.4 | Medium | 2022-05-18 |
| CVE-2022-29171 | Remote Code Execution in sourcegraph — sourcegraph | 6.6 | Medium | 2022-05-05 |
| CVE-2022-29166 | Improper handling of multiline messages in matrix-appservice-irc — matrix-appservice-irc | 8.0 | High | 2022-05-05 |
| CVE-2022-23064 | Snipe-IT - Host Header Injection — snipe-it | 8.8 | High | 2022-05-02 |
| CVE-2022-29816 | Jetbrains JetBrains IntelliJ IDEA cross-site scripting vulnerability — IntelliJ IDEA | 2.8 | Low | 2022-04-28 |
| CVE-2022-24888 | Possible Injection in Nextcloud Server — security-advisories | 4.3 | Medium | 2022-04-27 |
| CVE-2022-20693 | Cisco IOS XE Software Web UI API Injection Vulnerability — Cisco IOS XE Software | 4.7 | Medium | 2022-04-15 |
| CVE-2022-24838 | Command Injection in Appointment Emails for Nextcloud Calendar — security-advisories | 5.3 | Medium | 2022-04-11 |
| CVE-2022-24832 | Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames — gocd | 8.2 | High | 2022-04-11 |
| CVE-2022-1074 | TEM FLEX-1085 injection — FLEX-1085 | 4.3 | Medium | 2022-03-29 |
| CVE-2022-20001 | Injection in fish — fish-shell | 7.8 | High | 2022-03-14 |
| CVE-2022-24760 | Command Injection in Parse server — parse-server | 10.0 | Critical | 2022-03-11 |
| CVE-2022-21705 | Authenticated remote code execution in octobercms — october | 7.2 | High | 2022-02-23 |
| CVE-2022-23616 | Remote code execution in xwiki-platform — xwiki-platform | 8.8 | High | 2022-02-09 |
| CVE-2022-0391 | Python injection vulnerability — python | 7.5 | - | 2022-02-09 |
| CVE-2021-43929 | Synology DiskStation Manager cross-site scripting vulnerability — DiskStation Manager (DSM) | 6.5 | Medium | 2022-02-07 |
| CVE-2022-23614 | Code injection in Twig — Twig | 8.8 | High | 2022-02-04 |
| CVE-2021-32649 | Authenticated file write leads to remote code execution in october/system — october | 8.8 | High | 2022-01-14 |

Vulnerabilities classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')) represent 373 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.