CWE-74 (输出中的特殊元素转义处理不恰当(注入)) — Vulnerability Class 373

373 vulnerabilities classified as CWE-74 (输出中的特殊元素转义处理不恰当(注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-27148	Storybook Dev Server Vulnerable to WebSocket Hijacking — storybook	8.1^AI	High^AI	2026-02-25
CVE-2026-27727	mchange-commons-java: Remote Code Execution via JNDI Reference Resolution — mchange-commons-java	8.8^AI	High^AI	2026-02-25
CVE-2025-67733	Valkey Affected by RESP Protocol Injection via Lua error_reply — valkey	8.5	High	2026-02-23
CVE-2026-2954	Dromara UJCMS ImportDataController import-channel importChanel injection — UJCMS	6.3	Medium	2026-02-22
CVE-2026-27194	D-Tale affected by Remote Code Execution through the /save-column-filter endpoint — dtale	9.8	-	2026-02-21
CVE-2026-27022	RediSearch Query Injection in @langchain/langgraph-checkpoint-redis — langgraphjs	6.5	Medium	2026-02-20
CVE-2026-24764	OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions — clawdbot	3.7	Low	2026-02-19
CVE-2026-2019	Cart All In One For WooCommerce <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting — Cart All In One For WooCommerce	7.2	High	2026-02-18
CVE-2026-2469	ImapEngine 安全漏洞 — directorytree/imapengine	7.6	High	2026-02-14
CVE-2026-25814	NoSQL Injection Risk via Unsanitized Query Parameters — assessment-placipy	7.1^AI	High^AI	2026-02-09
CVE-2026-25586	SandboxJS has a Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution — SandboxJS	10.0	Critical	2026-02-06
CVE-2026-25520	SandboxJS has a Sandbox Escape — SandboxJS	10.0	Critical	2026-02-06
CVE-2026-24043	jsPDF Affected by Stored XMP Metadata Injection (Spoofing & Integrity Violation) — jsPDF	7.6^AI	High^AI	2026-02-02
CVE-2025-41083	Improper Neutralization in Altitude Communication Server — Altitude Communication Server	6.1^AI	Medium^AI	2026-01-26
CVE-2026-24010	Horilla has HTML Injection Issue that, with Phishing, Leads to Account Takeover — horilla	8.0^AI	High^AI	2026-01-22
CVE-2026-24002	pyodide sandbox option is insecure — grist-core	9.1	Critical	2026-01-22
CVE-2026-0865	wsgiref.headers.Headers allows header newline injection — CPython	4.7^AI	Medium^AI	2026-01-20
CVE-2026-22200	osTicket (1.18.x < 1.18.3, 1.17.x < 1.17.7) PDF Export Arbitrary File Read — osTicket	6.5^AI	Medium^AI	2026-01-12
CVE-2025-67746	Composer vulnerable to ANSI sequence injection — composer	8.1	-	2025-12-30
CVE-2025-14674	aizuda snail-job QLExpressEngine.java QLExpressEngine.doEval injection — snail-job	6.3	Medium	2025-12-14
CVE-2024-56840	Siemens RUGGEDCOM ROX II 注入漏洞 — RUGGEDCOM ROX MX5000	7.2	High	2025-12-09
CVE-2024-56839	Siemens RUGGEDCOM ROX II 注入漏洞 — RUGGEDCOM ROX MX5000	7.2	High	2025-12-09
CVE-2024-56838	Siemens RUGGEDCOM ROX II 注入漏洞 — RUGGEDCOM ROX MX5000	7.2	High	2025-12-09
CVE-2024-56835	Siemens RUGGEDCOM ROX II 注入漏洞 — RUGGEDCOM ROX MX5000	8.8	High	2025-12-09
CVE-2025-66025	Caido Improperly Handles External Links in Markdown — caido	4.3	Medium	2025-11-26
CVE-2025-64428	DataEase DB2 JNDI Vulnerability — dataease	9.1	-	2025-11-20
CVE-2025-13268	Dromara dataCompare JDBC URL DbconfigServiceImpl.java DbConfig injection — dataCompare	6.3	Medium	2025-11-17
CVE-2025-64741	Zoom Workplace for Android - Improper Authorization Handling — Zoom Workplace for Android	8.1	High	2025-11-13
CVE-2025-64099	OpenAM allows use of arbitrary OIDC requested claims values in id_token and user_info — OpenAM	4.3	-	2025-11-12
CVE-2025-47286	Combodo iTop vulnerable to Remote Code Execution in the backup creation functionality — iTop	9.1	-	2025-11-10

Vulnerabilities classified as CWE-74 (输出中的特殊元素转义处理不恰当(注入)) represent 373 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-74 (输出中的特殊元素转义处理不恰当(注入)) — Vulnerability Class 373