CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')) — Vulnerability Class 373

373 vulnerabilities classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2022-31631 | PDO::quote() may return unquoted string — PHP | 9.1 | Critical | 2025-02-12 |
| CVE-2025-24962 | Command Injection in reNgine — rengine | 8.8 | - | 2025-02-03 |
| CVE-2025-24374 | Twig fixes a security issue where escaping was missing when using null coalesce operator (??) — Twig | 4.3 | Medium | 2025-01-29 |
| CVE-2025-24364 | vaultwarden allows RCE in the admin panel — vaultwarden | 7.2 | High | 2025-01-27 |
| CVE-2025-0697 | Telstra Smart Modem Gen 2 HTTP Header injection — Smart Modem Gen 2 | 5.3 | Medium | 2025-01-24 |
| CVE-2024-53263 | Git LFS permits exfiltration of credentials via crafted HTTP URLs — git-lfs | 7.5 | - | 2025-01-14 |
| CVE-2024-21797 | WAVLINK AC3000 injection vulnerability — Wavlink AC3000 | 9.1 | Critical | 2025-01-14 |
| CVE-2024-39604 | WAVLINK AC3000 injection vulnerability — Wavlink AC3000 | 9.0 | Critical | 2025-01-14 |
| CVE-2024-34544 | WAVLINK AC3000 injection vulnerability — Wavlink AC3000 | 9.1 | Critical | 2025-01-14 |
| CVE-2024-36295 | WAVLINK AC3000 injection vulnerability — Wavlink AC3000 | 9.1 | Critical | 2025-01-14 |
| CVE-2024-39785 | WAVLINK AC3000 injection vulnerability — Wavlink AC3000 | 9.1 | Critical | 2025-01-14 |
| CVE-2024-39784 | WAVLINK AC3000 injection vulnerability — Wavlink AC3000 | 9.1 | Critical | 2025-01-14 |
| CVE-2024-53860 | Potential Abuse for Sending Arbitrary Emails in sp-php-email-handler — SPEmailHandler-PHP | 8.6 | High | 2024-11-27 |
| CVE-2024-50572 | Siemens multiple products injection vulnerability — RUGGEDCOM RM1224 LTE(4G) EU | 7.2 | High | 2024-11-12 |
| CVE-2024-52004 | Remote code execution vulnerabilities in MediaCMS — mediacms | 9.8 | - | 2024-11-08 |
| CVE-2024-50340 | Ability to change environment from query in symfony/runtime — symfony | 7.3 | High | 2024-11-06 |
| CVE-2024-10491 | Preload arbitrary resources by injecting additional `Link` headers — express | 4.0 | Medium | 2024-10-29 |
| CVE-2024-49381 | Plenti arbitrary file deletion vulnerability — plenti | 8.1 | - | 2024-10-25 |
| CVE-2024-49380 | Plenti arbitrary file write vulnerability — plenti | 8.8 | - | 2024-10-25 |
| CVE-2024-48927 | Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice — Umbraco-CMS | 4.6 | Medium | 2024-10-22 |
| CVE-2024-47764 | cookie accepts cookie name, path, and domain with out of bounds characters — cookie | 5.3 | - | 2024-10-04 |
| CVE-2024-47180 | Shields.io Remote Code Execution vulnerability in Dynamic JSON/TOML/YAML badges — shields | 8.8 | High | 2024-09-26 |
| CVE-2024-46997 | DataEase's H2 datasource has a remote command execution risk — dataease | 9.8 | Critical | 2024-09-23 |
| CVE-2024-46983 | Remote Command Execution (RCE) Vulnerability in sofa-hessian — sofa-hessian | 9.8 | Critical | 2024-09-19 |
| CVE-2024-46986 | Arbitrary file write leading to RCE in Camaleon CMS — camaleon-cms | 10.0 | Critical | 2024-09-18 |
| CVE-2024-6702 | Pegasystem PEGA Platform security vulnerability — Pega Infinity | 5.2 | Medium | 2024-09-12 |
| CVE-2024-8367 | HM Courts & Tribunals Service Probate Back Office Markdown NotificationService.java injection — Probate Back Office | 3.5 | Low | 2024-09-01 |
| CVE-2024-43782 | openedx-translations's Atlas translations for Open edX missing validation — openedx-translations | 7.7 | High | 2024-08-23 |
| CVE-2024-42472 | Flatpak may allow access to files outside sandbox for certain apps — flatpak | 10.0 | Critical | 2024-08-15 |
| CVE-2024-42489 | Pro Macros Remote Code Execution via Viewpdf and similar macros — xwiki-pro-macros | 10.0 | Critical | 2024-08-12 |

Vulnerabilities classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')) represent 373 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.