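CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')) — Vulnerability Class 373

373 vulnerabilities classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')). AI Chinese analysis included.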

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2017-20174 | bastianallgeier Kirby Webmentions Plugin injection — Kirby Webmentions Plugin | 5.6 | Medium | 2023-01-19 |
| CVE-2015-10062 | galaxy-data-resource Command Line Template injection — galaxy-data-resource | 5.5 | Medium | 2023-01-17 |
| CVE-2022-43720 | Apache Superset: Improper rendering of user input — Apache Superset | 4.6 | - | 2023-01-16 |
| CVE-2015-10040 | gitlearn Escape Sequence config.sh getOutOf injection — gitlearn | 5.4 | Medium | 2023-01-13 |
| CVE-2022-42268 | NVIDIA Omniverse Kit code injection vulnerability — Omniverse Audio2Face | 7.8 | High | 2023-01-12 |
| CVE-2022-46180 | Arbitrary HTML injection in discourse-mermaid-theme-component — discourse-mermaid-theme-component | 5.0 | Medium | 2023-01-04 |
| CVE-2016-15007 | Centralized-Salesforce-Dev-Framework SOQL SObjectService.cls SObjectService injection — Centralized-Salesforce-Dev-Framework | 5.5 | Medium | 2023-01-02 |
| CVE-2017-20161 | rofl0r MacGeiger ESSID macgeiger.c dump_wlan_at injection — MacGeiger | 4.6 | Medium | 2023-01-02 |
| CVE-2022-4768 | Dropbox merou SSH Public Key public_key.py add_public_key injection — merou | 6.3 | Medium | 2022-12-27 |
| CVE-2022-40145 | Apache Karaf: JDBC JAAS LDAP injection — Apache Karaf | 9.8 | - | 2022-12-21 |
| CVE-2020-36618 | Furqan node-whois index.coffee prototype pollution — node-whois | 6.3 | Medium | 2022-12-19 |
| CVE-2021-4245 | chbrown rfc6902 pointer.ts prototype pollution — rfc6902 | 5.5 | Medium | 2022-12-15 |
| CVE-2022-46265 | Siemens Polarion injection vulnerability — Polarion ALM | 5.4 | Medium | 2022-12-13 |
| CVE-2022-4170 | rxvt-unicode security vulnerability — rxvt-unicode | 9.8 | - | 2022-12-09 |
| CVE-2022-46169 | Unauthenticated Command Injection — cacti | 9.8 | Critical | 2022-12-05 |
| CVE-2022-46162 | Discourse BBCode plugin vulnerable to arbitrary CSS injection — discourse-bbcode | 8.8 | High | 2022-11-30 |
| CVE-2022-41934 | Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-menu-ui — xwiki-platform | 9.9 | Critical | 2022-11-23 |
| CVE-2022-4064 | Dalli Meta Protocol request_formatter.rb self.meta_set injection — Dalli | 3.7 | Low | 2022-11-19 |
| CVE-2022-41878 | Parse Server Prototype pollution and Injection via Cloud Code Webhooks or Cloud Code Triggers — parse-server | 7.2 | High | 2022-11-10 |
| CVE-2022-39382 | NODE_ENV in Keystone defaults to development with esbuild — keystone | 9.8 | Critical | 2022-11-03 |
| CVE-2022-31777 | Apache Spark XSS vulnerability in log viewer UI Javascript — Apache Spark | 5.4 | - | 2022-11-01 |
| CVE-2021-38395 | Honeywell Experion PKS and ACE Controllers Injection — Experion PKS | 9.1 | Critical | 2022-10-28 |
| CVE-2022-40248 | An HTML injection vulnerability exists in CERT/CC VINCE software prior to version 1.50.4 — VINCE - The Vulnerability Information and Coordination Environment | 5.4 | - | 2022-10-10 |
| CVE-2022-40257 | An HTML injection vulnerability exists in CERT/CC VINCE software prior to version 1.50.4 — VINCE - The Vulnerability Information and Coordination Environment | 5.4 | - | 2022-10-10 |
| CVE-2022-39265 | Mail settings' command parameter injection in mybb — mybb | 7.2 | High | 2022-10-06 |
| CVE-2022-39217 | Improper Neutralization of Formula Elements in a CSV File in ghas-to-csv — ghas-to-csv | 5.8 | Medium | 2022-09-16 |
| CVE-2022-38191 | HTML injection vulnerability in Portal for ArcGIS — Portal for ArcGIS | 6.1 | Medium | 2022-08-15 |
| CVE-2022-36323 | Siemens SCALANCE security vulnerability — RUGGEDCOM RM1224 LTE(4G) EU | 9.1 | Critical | 2022-08-10 |
| CVE-2022-35735 | BIG-IP monitor configuration vulnerability CVE-2022-35735 — BIG-IP | 7.2 | High | 2022-08-04 |
| CVE-2022-31179 | Insufficient escaping of line feeds for CMD in shescape — shescape | 8.1 | High | 2022-08-01 |

Vulnerabilities classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')) represent 373 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.