CWE-183 Permissive Whitelist (Permissive List of Allowed Inputs) weakness class: summary of 28 CVE vulnerabilities, with AI-generated Chinese analysis.
CWE-183 is an input-validation weakness: the application relies on an allowlist to filter input, but the list is too permissive and fails to exclude potentially malicious data. Attackers commonly exploit this flaw by crafting input that satisfies the loose rules yet is still harmful, bypassing the security control and triggering follow-on attacks such as injection or cross-site scripting. Developers should avoid over-broad allowlists and combine them with strict type checking, length limits and context-appropriate encoding, so that only genuinely safe input is accepted and the risk is eliminated at the source.
| CVE ID | Title | CVSS | Risk Level | Published |
|---|---|---|---|---|
| CVE-2026-44111 | OpenClaw <2026.4.15 QMD memory read of arbitrary Markdown files vulnerability — OpenClaw | 4.3 | Medium | 2026-05-06 |
| CVE-2026-43574 | OpenClaw <2026.4.12 empty approver list authorization bypass vulnerability — OpenClaw | 6.5 | Medium | 2026-05-05 |
| CVE-2026-29514 | NetBox 4.3.5-4.5.4 template rendering remote code execution vulnerability — netbox | 8.8 | High | 2026-05-04 |
| CVE-2026-41387 | OpenClaw security vulnerability — OpenClaw | 7.8 | High | 2026-04-28 |
| CVE-2026-42042 | Axios security vulnerability — axios | 5.4 | Medium | 2026-04-24 |
| CVE-2026-42043 | Axios security vulnerability — axios | 7.2 | High | 2026-04-24 |
| CVE-2026-41240 | DOMPurify cross-site scripting vulnerability — DOMPurify | 7.2 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-40899 | DataEase security vulnerability — dataease | 8.3 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-35649 | OpenClaw security vulnerability — OpenClaw | 6.5 | Medium | 2026-04-10 |
| CVE-2026-21915 | Juniper Networks Support Insights Virtual Lightweight Collector security vulnerability — JSI LWC | 6.7 | Medium | 2026-04-09 |
| CVE-2026-33979 | Express XSS Sanitizer security vulnerability — express-xss-sanitizer | 8.2 | High | 2026-03-27 |
| CVE-2026-32881 | ewe security vulnerability — ewe | 5.3 | Medium | 2026-03-20 |
| CVE-2026-2303 | MongoDB Go Driver security vulnerability — MongoDB Go Driver | 6.5 | Medium | 2026-02-10 |
| CVE-2025-59457 | JetBrains TeamCity security vulnerability — TeamCity | 7.7 | High | 2025-09-17 |
| CVE-2025-53762 | Microsoft Purview security vulnerability — Microsoft Purview | 8.7 | High | 2025-07-18 |
| CVE-2025-24349 | Bosch Rexroth ctrlX OS security vulnerability — ctrlX OS - Device Admin | 7.1 | High | 2025-04-30 |
| CVE-2024-47565 | Siemens SINEC Security Monitor security vulnerability — SINEC Security Monitor | 4.3 | Medium | 2024-10-08 |
| CVE-2024-38522 | Hush Line security vulnerability — hushline | 6.3 | Medium | 2024-06-28 |
| CVE-2023-7250 | iperf security vulnerability — Red Hat Enterprise Linux 8 | 5.3 | Medium | 2024-03-18 |
| CVE-2024-1654 | PaperCut NG/MF security vulnerability — PaperCut NG, PaperCut MF | 7.2 | High | 2024-03-14 |
| CVE-2023-4399 | Grafana security vulnerability — Grafana Enterprise | 6.6 | Medium | 2023-10-17 |
| CVE-2022-42469 | Fortinet FortiGate security vulnerability — FortiOS | 4.1 | Medium | 2023-04-11 |
| CVE-2022-34450 | Dell PowerPath Management Appliance security vulnerability — PowerPath Management Appliance | 6.7 | Medium | 2023-02-10 |
| CVE-2022-23158 | Dell Wyse Device Agent information disclosure vulnerability — Dell Wyse Device Agent | 6.0 | Medium | 2022-04-01 |
| CVE-2021-40128 | Cisco Webex Meetings security vulnerability — Cisco Webex Meetings | 5.3 | Medium | 2021-11-04 |
| CVE-2021-34787 | Cisco Firepower Threat Defense (FTD) and Cisco Adaptive Security Appliances Software (ASA Software) security vulnerability — Cisco Adaptive Security Appliance (ASA) Software | 5.3 | Medium | 2021-10-27 |
| CVE-2020-25696 | PostgreSQL security vulnerability — PostgreSQL | 8.1 | - | 2020-11-23 |
| CVE-2020-1694 | Red Hat Keycloak security vulnerability — keycloak | 6.5 | - | 2020-09-16 |
CWE-183 (Permissive Whitelist) is a common weakness category; this platform has collected the 28 CVE vulnerabilities associated with it.