CWE-74 (Improper Neutralization of Special Elements in Output (Injection)) — Vulnerability Class 373

373 vulnerabilities classified as CWE-74 (Improper Neutralization of Special Elements in Output (Injection)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-32650 | Arbitrary code execution in october/system — october | 8.8 | High | 2022-01-14 |
| CVE-2021-29454 | Sandbox Escape by math function in smarty — smarty | 8.1 | High | 2022-01-10 |
| CVE-2022-21663 | Authenticated Object Injection in Multisites in WordPress — wordpress-develop | 6.6 | Medium | 2022-01-06 |
| CVE-2021-43852 | JavaScript Prototype Pollution in oro/platform — platform | 8.8 | High | 2022-01-04 |
| CVE-2021-25994 | Userfrosting - Host-Header Injection Leads to Account Takeover — userfrosting | 8.8 | High | 2022-01-03 |
| CVE-2021-43837 | Template injection in vault-cli — vault-cli | 8.4 | High | 2021-12-16 |
| CVE-2021-41276 | Indirect LDAP injection in Tuleap — tuleap | 6.7 | Medium | 2021-12-15 |
| CVE-2021-43818 | HTML Cleaner allows crafted and SVG embedded scripts to pass through — lxml | 8.2 | High | 2021-12-13 |
| CVE-2021-36313 | Dell EMC CloudLink OS command injection vulnerability — CloudLink | 9.1 | Critical | 2021-11-23 |
| CVE-2021-25980 | Talkyard - Host-Header Injection Leads to Account Takeover — talkyard | 8.8 | High | 2021-11-11 |
| CVE-2021-38294 | Shell Command Injection Vulnerability in Nimbus Thrift Server — Apache Storm | 9.8 | - | 2021-10-25 |
| CVE-2021-41163 | RCE via malicious SNS subscription payload — discourse | 10.0 | Critical | 2021-10-20 |
| CVE-2021-38458 | Moxa MXview Network Management Software — MXview Network Management Software | 9.8 | Critical | 2021-10-12 |
| CVE-2021-41128 | CSV Injection Vulnerability in Hygeia — hygeia | 9.1 | Critical | 2021-10-06 |
| CVE-2021-39213 | IP restriction on GLPI API Bypass with custom header injection — glpi | 6.8 | Medium | 2021-09-15 |
| CVE-2021-39187 | Crash server with query parameter — parse-server | 7.5 | High | 2021-09-02 |
| CVE-2021-39175 | XSS vector in slide mode speaker-view — hedgedoc | 8.1 | High | 2021-08-30 |
| CVE-2021-32827 | Arbitrary code execution in MockServer — mockserver | 6.1 | Medium | 2021-08-16 |
| CVE-2021-21580 | DELL Dell EMC iDRAC9 and Dell EMC iDRAC8 injection vulnerability — Integrated Dell Remote Access Controller (iDRAC) | 4.3 | Medium | 2021-08-03 |
| CVE-2021-32756 | Arbitrary eval through MiqExpression — manageiq | 8.8 | High | 2021-07-21 |
| CVE-2021-29084 | Synology DiskStation DS418play injection vulnerability — DiskStation Manager (DSM) | 7.5 | High | 2021-06-23 |
| CVE-2021-29085 | Synology DiskStation Manager injection vulnerability — DiskStation Manager (DSM) | 8.6 | High | 2021-06-23 |
| CVE-2021-32647 | Post-authentication Remote Code Execution (RCE) in emissary:emissary — emissary | 8.0 | High | 2021-05-28 |
| CVE-2021-32622 | File upload local preview can run embedded scripts after user interaction — matrix-react-sdk | 4.2 | Medium | 2021-05-17 |
| CVE-2021-29502 | Remote code execution in the WarnSystem module of Laggrons-Dumb-Cogs — Laggrons-Dumb-Cogs | 7.3 | High | 2021-05-10 |
| CVE-2021-29501 | Remote code execution in ticketer — Dav-Cogs | 8.1 | High | 2021-05-10 |
| CVE-2021-21420 | Vulnerability in Stripe for Visual Studio Code < 1.7.3 — vscode-stripe | 7.5 | High | 2021-04-01 |
| CVE-2021-21333 | HTML injection in email and account expiry notifications — synapse | 6.1 | Medium | 2021-03-26 |
| CVE-2021-24144 | Contact Form 7 Database Addon < 1.2.5.6 - CSV Injection — Contact Form 7 Database Addon | 8.8 | - | 2021-03-18 |
| CVE-2021-21381 | Sandbox escape via special tokens in .desktop file — flatpak | 7.1 | High | 2021-03-11 |

Vulnerabilities classified as CWE-74 (Improper Neutralization of Special Elements in Output (Injection)) represent 373 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.