CWE-943 (Improper Neutralization of Special Elements in Data Query Logic) — Vulnerability Class 36

36 vulnerabilities classified as CWE-943 (Improper Neutralization of Special Elements in Data Query Logic). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41327 | Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field — dgraph | 9.1 | Critical | 2026-04-24 |
| CVE-2026-41328 | Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field — dgraph | 9.1 | Critical | 2026-04-24 |
| CVE-2026-41274 | Flowise: Cypher Injection in GraphCypherQAChain — Flowise | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-6626 | Cockpit-HQ Cockpit Asset Handler/Aggregate data query logic injection — Cockpit | 6.3 | Medium | 2026-04-20 |
| CVE-2026-40352 | FastGPT: NoSQL Injection in updatePasswordByOld Leads to Account Takeover — FastGPT | 8.8 | High | 2026-04-17 |
| CVE-2026-40351 | FastGPT: NoSQL Injection in loginByPassword leads to Authentication Bypass — FastGPT | 9.8 | Critical | 2026-04-17 |
| CVE-2026-34973 | phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure — phpMyFAQ | 8.2 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-33980 | Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP client to execute arbitrary Kusto queries — adx-mcp-server | 8.3 | High | 2026-03-27 |
| CVE-2026-3023 | Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma application web — Wakyma application web | 4.3 (AI) | Medium (AI) | 2026-03-16 |
| CVE-2026-3022 | Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma application web — Wakyma application web | 6.5 (AI) | Medium (AI) | 2026-03-16 |
| CVE-2026-3021 | Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma application web — Wakyma application web | 6.5 (AI) | Medium (AI) | 2026-03-16 |
| CVE-2026-32248 | Parse Server: Account takeover via operator injection in authentication data identifier — parse-server | 7.4 (AI) | High (AI) | 2026-03-12 |
| CVE-2026-32247 | Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters — graphiti | 8.1 | High | 2026-03-12 |
| CVE-2026-29793 | NoSQL Injection via WebSocket id Parameter in MongoDB Adapter — mongodb | 9.4 (AI) | Critical (AI) | 2026-03-10 |
| CVE-2026-30941 | Parse Server has a NoSQL injection via token type in password reset and email verification endpoints — parse-server | 9.8 (AI) | Critical (AI) | 2026-03-10 |
| CVE-2026-30833 | Rocket.Chat: NoSQL injection in the EE ddp-streamer-service — Rocket.Chat | 9.8 | - | 2026-03-06 |
| CVE-2026-28211 | Arbitrary code execution in log reader via untrusted log file — NVDA-Dev-Test-Toolbox | 7.8 | High | 2026-02-26 |
| CVE-2026-25591 | New API has an SQL LIKE Wildcard Injection DoS via Token Search — new-api | 6.5 (AI) | Medium (AI) | 2026-02-24 |
| CVE-2025-36353 | IBM Db2 Denial of Service — Db2 for Linux, UNIX and Windows | 6.2 | Medium | 2026-01-30 |
| CVE-2025-36366 | IBM Db2 Denial of Service — Db2 for Linux, UNIX and Windows | 6.5 | Medium | 2026-01-30 |
| CVE-2025-36442 | IBM Db2 Denial of Service — Db2 for Linux, UNIX and Windows | 6.5 | Medium | 2026-01-30 |
| CVE-2026-0504 | Insufficient Input Handling in JNDI Operations of SAP Identity Management — SAP Identity Management | 3.8 | Low | 2026-01-13 |
| CVE-2025-42884 | JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal — SAP NetWeaver Enterprise Portal | 6.5 | Medium | 2025-11-11 |
| CVE-2025-36185 | IBM Db2 denial of service — Db2 | 6.2 | Medium | 2025-11-07 |
| CVE-2025-23292 | NVIDIA Delegated Licensing Service security vulnerability — DLS component of NVIDIA License System | 4.6 | Medium | 2025-09-30 |
| CVE-2025-33114 | IBM Db2 for Linux denial of service — Db2 | 5.3 | Medium | 2025-07-29 |
| CVE-2025-24787 | Parameter injection in DB connection URIs leading to local file inclusion in WhoDB — whodb | 8.6 | High | 2025-02-06 |
| CVE-2021-1481 | Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability — Cisco Catalyst SD-WAN Manager | 4.3 | Medium | 2024-11-15 |
| CVE-2024-4872 | Hitachi Energy MicroSCADA X SYS600 security vulnerability — MicroSCADA X SYS600 | 8.8 | High | 2024-08-27 |
| CVE-2024-31882 | IBM Db2 denial of service — Db2 for Linux, UNIX and Windows | 5.3 | Medium | 2024-08-14 |

Vulnerabilities classified as CWE-943 (Improper Neutralization of Special Elements in Data Query Logic) represent 36 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.