
CWE-807 (Reliance on Untrusted Inputs in a Security Decision) — Vulnerability Class 53

53 vulnerabilities classified as CWE-807 (Reliance on Untrusted Inputs in a Security Decision). AI-generated Chinese analysis included.

| CVE ID | Title — Product | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1789 | XX printer remote management interface sensitive information disclosure vulnerability (specific models) — imagePRESS Series | 4.9 | Medium | 2026-04-23 |
| CVE-2026-41299 | OpenClaw < 2026.3.28 - Client Identity Spoofing in chat.send Gateway Provenance Guard — OpenClaw | 7.1 | High | 2026-04-20 |
| CVE-2026-0390 | UEFI Secure Boot Security Feature Bypass Vulnerability — Windows 10 Version 1607 | 6.7 | Medium | 2026-04-14 |
| CVE-2019-25711 | SpotFTP Password Recover 2.4.2 Denial of Service via Name Field — SpotFTP Password Recover | 6.2 | Medium | 2026-04-12 |
| CVE-2026-35670 | OpenClaw < 2026.3.22 - Webhook Reply Rebinding via Username Resolution in Synology Chat — OpenClaw | 5.9 | Medium | 2026-04-10 |
| CVE-2026-35655 | OpenClaw < 2026.3.22 - Identity Spoofing via rawInput Tool in ACP Permission Resolution — OpenClaw | 5.7 | Medium | 2026-04-10 |
| CVE-2026-35624 | OpenClaw < 2026.3.22 - Policy Confusion via Room Name Collision in Nextcloud Talk — OpenClaw | 4.2 | Medium | 2026-04-09 |
| CVE-2026-35617 | OpenClaw < 2026.3.25 - Authorization Bypass via Group Policy Rebinding with Mutable Space displayName — OpenClaw | 4.2 | Medium | 2026-04-09 |
| CVE-2025-13926 | Contemporary Controls BASC 20T Reliance on Untrusted Inputs in a Security Decision — BASControl20 | 9.8 | Critical | 2026-04-09 |
| CVE-2026-29134 | GINA Domain Switch — Secure Email Gateway | 5.3 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-32975 | OpenClaw < 2026.3.12 - Weak Authorization via Mutable Group Names in Zalouser Allowlist — OpenClaw | 9.8 | Critical | 2026-03-29 |
| CVE-2019-25621 | Pixel Studio 2.17 Denial of Service via Malformed Input — Pixel Studio | 6.2 | Medium | 2026-03-23 |
| CVE-2019-25594 | ASPRunner.NET 10.1 Denial of Service via Table Name Field — ASPRunner.NET | 6.2 | Medium | 2026-03-22 |
| CVE-2019-25544 | Pidgin 2.13.0 Denial of Service via Malformed Username — Pidgin | 6.2 | Medium | 2026-03-21 |
| CVE-2026-32898 | OpenClaw < 2026.2.23 - ACP Permission Auto-Approval Bypass via Untrusted Tool Metadata — OpenClaw | 5.4 | Medium | 2026-03-21 |
| CVE-2026-32057 | OpenClaw < 2026.2.25 - Authentication Bypass via Control UI client.id Parameter — OpenClaw | 7.1 | High | 2026-03-21 |
| CVE-2026-29794 | Vikunja has Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers — vikunja | 5.3 | Medium | 2026-03-20 |
| CVE-2026-33068 | Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File — claude-code | 8.8 | - | 2026-03-20 |
| CVE-2026-21514 | Microsoft Word Security Feature Bypass Vulnerability — Microsoft 365 Apps for Enterprise | 7.8 | High | 2026-02-10 |
| CVE-2026-25958 | Cube privilege escalation via a specially crafted request — cube | 7.7 | High | 2026-02-09 |
| CVE-2026-21509 | Microsoft Office Security Feature Bypass Vulnerability — Microsoft 365 Apps for Enterprise | 7.8 | High | 2026-01-26 |
| CVE-2026-23848 | MyTube has Rate Limiting Bypass via X-Forwarded-For Header Spoofing — MyTube | 6.5 | Medium | 2026-01-19 |
| CVE-2026-20849 | Windows Kerberos Elevation of Privilege Vulnerability — Windows 10 Version 1607 | 7.5 | High | 2026-01-13 |
| CVE-2025-12487 | oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability — text-generation-webui | 9.8 | - | 2025-11-06 |
| CVE-2025-12488 | oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability — text-generation-webui | 9.8 | - | 2025-11-06 |
| CVE-2025-11271 | Easy Digital Download <= 3.5.2 - Insufficient Verification to Order Manipulation — Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 5.3 | Medium | 2025-11-06 |
| CVE-2025-53717 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability — Windows 11 version 22H2 | 7.0 | High | 2025-10-14 |
| CVE-2025-59152 | X-Forwarded-For Header Spoofing Bypasses Litestar Rate Limiting — litestar | 7.5 | High | 2025-10-06 |
| CVE-2025-53882 | The logrotate configuration in the python-mailman of openSUSE allows the mailman user to send SIGHUP to arbitrary processes — openSUSE Tumbleweed | 4.4 | Medium | 2025-07-23 |
| CVE-2024-13974 | Sophos Firewall security vulnerability — Sophos Firewall | 8.1 | High | 2025-07-21 |

Entries marked "(AI)" carry AI-estimated CVSS and severity values rather than vendor-assigned ones.

Vulnerabilities classified as CWE-807 (Reliance on Untrusted Inputs in a Security Decision) represent 53 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.