CWE-829 (从非可信控制范围包含功能例程) — Vulnerability Class 105

105 vulnerabilities classified as CWE-829 (从非可信控制范围包含功能例程). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-42510	OpenStack Ironic <=25.0.0 ipmitool执行漏洞 — Ironic	6.6	Medium	2026-04-28
CVE-2026-41355	OpenShell < 2026.3.28 - Arbitrary Code Execution via Mirror Mode Sandbox File Conversion — OpenClaw	7.3	High	2026-04-23
CVE-2026-41336	OpenClaw < 2026.3.31 - Arbitrary Hook Code Execution via OPENCLAW_BUNDLED_HOOKS_DIR Environment Variable Override — OpenClaw	7.8	High	2026-04-23
CVE-2026-6859	Instructlab: instructlab: arbitrary code execution due to hardcoded `trust_remote_code=true` — Red Hat Enterprise Linux AI (RHEL AI) 3	8.8	High	2026-04-22
CVE-2026-40903	Goshs - ArtiPACKED Vulnerability – GitHub Actions Credential Persistence — goshs	9.1	Critical	2026-04-21
CVE-2026-41295	OpenClaw < 2026.4.2 - Untrusted Workspace Channel Shadow Code Execution during Built-in Channel Setup — OpenClaw	7.8	High	2026-04-20
CVE-2026-41253	iTerm2 安全漏洞 — iTerm2	6.9	Medium	2026-04-18
CVE-2026-6482	Local Privilege Escalation via OpenSSL configuration file in Insight Agent — Insight Agent	7.8^AI	High^AI	2026-04-17
CVE-2026-40959	Luanti 安全漏洞 — Luanti	9.3	Critical	2026-04-16
CVE-2026-40313	PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence — PraisonAI	9.1	Critical	2026-04-14
CVE-2026-40154	PraisonAI Affected by Untrusted Remote Template Code Execution — PraisonAI	9.3	Critical	2026-04-09
CVE-2026-1342	Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access — Verify Identity Access Container	8.5	High	2026-04-07
CVE-2026-32920	OpenClaw < 2026.3.12 - Arbitrary Code Execution via Auto-Discovery of Workspace Plugins — OpenClaw	8.4	High	2026-03-31
CVE-2026-3991	Elevation of Privileges in Symantec Data Loss Prevention Windows Endpoint — Data Loss Prevention	7.8	High	2026-03-30
CVE-2025-55273	HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability — Aftermarket DPC	4.3	Medium	2026-03-26
CVE-2026-22217	OpenClaw 2026.2.22 < 2026.2.23 - Arbitrary Binary Execution via $SHELL Environment Variable Trusted Prefix Fallback — OpenClaw	6.1	Medium	2026-03-18
CVE-2026-4295	Arbitrary code execution via crafted project files in Kiro IDE — Kiro IDE	7.8	High	2026-03-17
CVE-2026-4255	DLL Injection Privilege Escalation — TR-VISION HOME	7.8^AI	High^AI	2026-03-16
CVE-2026-28135	WordPress Royal Elementor Addons plugin <= 1.7.1052 - Other vulnerability Type vulnerability — Royal Elementor Addons	6.5	-	2026-03-05
CVE-2026-1628	Mattermost allows external websites to open within the app, exposing preload functionality to non-trusted sites. — Mattermost	4.6	Medium	2026-03-02
CVE-2026-28372	GNU Inetutils 安全漏洞 — inetutils	7.4	High	2026-02-27
CVE-2026-27941	OpenLIT Vulnerable to Remote Code Execution and Secret Exposure via Misuse of `pull_request_target` in GitHub Actions Workflows — openlit	10.0	Critical	2026-02-26
CVE-2026-26974	Sylde has Improper Control of Generation of Code — Slyde	9.8^AI	Critical^AI	2026-02-20
CVE-2026-26959	ADB Explorer Vulnerable to RCE via Insufficient Input Validation — ADB-Explorer	7.8	High	2026-02-19
CVE-2026-26079	Roundcube Webmail 安全漏洞 — Webmail	4.7	Medium	2026-02-11
CVE-2026-1699	Eclipse Theia - Website 安全漏洞 — Eclipse Theia - Website	10.0	Critical	2026-01-30
CVE-2026-0770	Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability — Langflow	9.8	-	2026-01-23
CVE-2026-22816	Gradle fails to disable repositories which can expose builds to malicious artifacts — gradle	8.2	-	2026-01-16
CVE-2025-68924	Umbraco Forms 安全漏洞 — Forms	7.5	High	2026-01-16
CVE-2025-70974	Fastjson 安全漏洞 — Fastjson	10.0	Critical	2026-01-09

Vulnerabilities classified as CWE-829 (从非可信控制范围包含功能例程) represent 105 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-829 (从非可信控制范围包含功能例程) — Vulnerability Class 105