CWE-829 (Inclusion of Functionality from Untrusted Control Sphere) — Vulnerability Class 105

105 vulnerabilities classified as CWE-829 (Inclusion of Functionality from Untrusted Control Sphere). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-36924 | Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion — Sony BRAVIA Digital Signage | 6.1 | Medium | 2026-01-06 |
| CVE-2020-36905 | FIBARO System Home Center 5.021 Remote File Inclusion via Proxy API — Home Center 3 | 7.5 | High | 2026-01-06 |
| CVE-2025-67842 | Mintlify security vulnerability — Mintlify Platform | 6.4 | Medium | 2025-12-19 |
| CVE-2025-68162 | JetBrains TeamCity security vulnerability — TeamCity | 2.7 | Low | 2025-12-16 |
| CVE-2025-67900 | NXLog Agent security vulnerability — NXLog Agent | 8.1 | High | 2025-12-14 |
| CVE-2025-65964 | n8n Vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook — n8n | 9.8 (AI) | Critical (AI) | 2025-12-08 |
| CVE-2025-53841 | Akamai Guardicore Platform Agent security vulnerability — Guardicore Platform Agent | 7.8 | High | 2025-12-03 |
| CVE-2025-66022 | FACTION Unauthenticated Custom Extension Upload leads to RCE — faction | 9.7 | Critical | 2025-11-26 |
| CVE-2025-33205 | NVIDIA Nemo Framework security vulnerability — NeMo Framework | 7.3 | High | 2025-11-25 |
| CVE-2024-32011 | Siemens Spectrum Power security vulnerability — Spectrum Power 4 | 8.8 | High | 2025-11-11 |
| CVE-2025-12509 | Scripts for the module Global_Shipping executable on BRAIN2 Server — BRAIN2 | 8.4 | High | 2025-10-31 |
| CVE-2025-62726 | n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook — n8n | 8.8 | High | 2025-10-30 |
| CVE-2025-11023 | Local File Inclusion in ArkSigner's AcBakImzala — AcBakImzala | 9.8 | Critical | 2025-10-23 |
| CVE-2025-41390 | TruffleHog security vulnerability — TruffleHog | 7.8 | High | 2025-10-20 |
| CVE-2025-52655 | HCL MyXalytics is affected by a Cross-Domain Script Include vulnerability. — HCL MyXalytics | 3.1 | Low | 2025-10-10 |
| CVE-2025-62186 | Ankitects Anki security vulnerability — Anki | 6.7 | Medium | 2025-10-07 |
| CVE-2025-36355 | IBM Security Verify Access code execution — Security Verify Access Appliance | 8.5 | High | 2025-10-06 |
| CVE-2025-61592 | Cursor CLI: Arbitrary Code Execution Possible through Permissive CLI Config — cursor | 8.8 | High | 2025-10-03 |
| CVE-2025-59828 | Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions — claude-code | 9.1 (AI) | Critical (AI) | 2025-09-24 |
| CVE-2025-57729 | JetBrains IntelliJ IDEA security vulnerability — IntelliJ IDEA | 6.5 | Medium | 2025-08-20 |
| CVE-2025-8714 | PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client — PostgreSQL | 8.8 | High | 2025-08-14 |
| CVE-2025-36727 | SimpleHelp Inclusion of functionality from untrusted control sphere — Simplehelp | 8.3 | High | 2025-07-25 |
| CVE-2025-54558 | OpenAI Codex CLI security vulnerability — Codex CLI | 4.1 | Medium | 2025-07-25 |
| CVE-2025-27582 | One Identity Password Manager security vulnerability — Password Manager | 7.6 | High | 2025-07-14 |
| CVE-2025-53546 | Folo allows secrets exfiltration via `pull_request_target` — Folo | 9.1 | Critical | 2025-07-09 |
| CVE-2025-49809 | mtr security vulnerability — mtr | 7.8 | High | 2025-07-04 |
| CVE-2025-32463 | Sudo security vulnerability — Sudo | 9.3 | Critical | 2025-06-30 |
| CVE-2025-36852 | Build Cache Poisoning via Untrusted Pull Requests — Azure Based Remote Cache Plugin for Nx | 6.8 (AI) | Medium (AI) | 2025-06-10 |
| CVE-2024-52976 | Elastic Agent Inclusion of Functionality from Untrusted Control Sphere — Elastic Agent | 4.4 | Medium | 2025-05-01 |
| CVE-2025-20236 | Cisco Webex App Client-Side Remote Code Execution Vulnerability — Cisco Webex Teams | 8.8 | High | 2025-04-16 |

Vulnerabilities classified as CWE-829 (Inclusion of Functionality from Untrusted Control Sphere) represent 105 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.