
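CWE-693 Protection Mechanism Failure: vulnerability list (224)

Summary of 224 CVE vulnerabilities in the CWE-693 Protection Mechanism Failure weakness class, with AI-generated Chinese analysis.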

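CWE-693 denotes protection mechanism failure, a class of security-control defects. When an application lacks a defense or configures it incorrectly, an attacker can bypass security restrictions and directly perform unauthorized operations or obtain sensitive data. These vulnerabilities often arise from overlooking a specific attack vector or from implementing a mechanism improperly. Developers need to identify potential threats comprehensively, ensure that protection mechanisms of sufficient strength are enabled and correctly configured, and review security policies regularly to eliminate blind spots, so as to defend effectively against directed attacks.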

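MITRE CWE official description
CWE: CWE-693 Protection Mechanism Failure
Description: The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism provides some defenses, for example against the most common attacks, but does not protect everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.
Common consequences (1)
Access Control: Bypass Protection Mechanism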
| CVE ID | Title — Product | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-68668 | n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node — n8n | 9.9 | Critical | 2025-12-26 |
| CVE-2025-13326 | Mattermost Desktop App fails to enable Hardened Runtime when packaged for Mac App Store — Mattermost | 3.9 | Low | 2025-12-17 |
| CVE-2025-14304 | ASRock, ASRockRack, ASRockInd\|Motherboard - Protection Mechanism Failure — Intel 500 chipset motherboard | 6.8 | Medium | 2025-12-17 |
| CVE-2025-14303 | MSI\|Motherboard - Protection Mechanism Failure — Intel 600 chipset motherboard | 6.8 | Medium | 2025-12-17 |
| CVE-2025-14302 | GIGABYTE\|Motherboard - Protection Mechanism Failure — intel 600 chipset Motherboard | 6.8 | Medium | 2025-12-17 |
| CVE-2025-67460 | Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure — Zoom Rooms | 7.8 | High | 2025-12-10 |
| CVE-2025-67485 | HTTP/HTTPS Traffic Interception Bypass in mad-proxy — mad-proxy | 5.3 | Medium | 2025-12-10 |
| CVE-2025-34413 | Legality WHISTLEBLOWING Missing Critical HTTP Security Headers — Legality WHISTLEBLOWING | 5.4 (AI) | Medium (AI) | 2025-12-09 |
| CVE-2025-66479 | Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing — sandbox-runtime | 5.3 (AI) | Medium (AI) | 2025-12-04 |
| CVE-2025-64763 | Envoy forwards early CONNECT data in TCP proxy mode — envoy | 3.7 | Low | 2025-12-03 |
| CVE-2025-29864 | Estsoft Alzip security vulnerability — ALZip | 6.2 (AI) | Medium (AI) | 2025-12-03 |
| CVE-2025-65100 | Security Snapshot May Use Unintended Timestamp When Only ISAR_APT_SNAPSHOT_DATE Is Set — isar | 9.1 (AI) | Critical (AI) | 2025-11-19 |
| CVE-2025-11260 | WP Headless CMS Framework <= 1.15 - Unauthenticated Protection Mechanism Bypass — WP Headless CMS Framework | 5.3 | Medium | 2025-11-13 |
| CVE-2025-10905 | Collision in minifilter driver of Avast Free Antivirus results in disabling of real-time protection — Free Antivirus | 4.4 | Medium | 2025-11-11 |
| CVE-2025-60711 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability — Microsoft Edge (Chromium-based) | 6.3 | Medium | 2025-10-31 |
| CVE-2025-12554 | Missing Security Headers — BLU-IC2 | - | - | 2025-10-31 |
| CVE-2025-12094 | OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) <= 1.2.53 - Unauthenticated IP Header Spoofing — OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) | 5.3 | Medium | 2025-10-31 |
| CVE-2025-0277 | HCL BigFix Mobile is affected by an insecure Content Security Policy (CSP) — BigFix Mobile | 6.5 | Medium | 2025-10-16 |
| CVE-2025-0276 | HCL BigFix Modern Client Management (MCM) is affected by an insecure Content Security Policy (CSP) — BigFix Modern Client Management | 6.5 | Medium | 2025-10-16 |
| CVE-2025-52615 | HCL Unica Platform is impacted by misconfigured security related HTTP headers — Unica Platform | 3.5 | Low | 2025-10-12 |
| CVE-2025-10157 | PickleScan Bypasses Unsafe Globals Check Using Submodule Imports — picklescan | 9.8 (AI) | Critical (AI) | 2025-09-17 |
| CVE-2025-54917 | MapUrlToZone Security Feature Bypass Vulnerability — Windows 10 Version 1507 | 4.3 | Medium | 2025-09-09 |
| CVE-2025-20347 | Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability — Cisco Data Center Network Manager | 5.4 | Medium | 2025-08-27 |
| CVE-2025-43728 | Dell ThinOS 10 security vulnerability — ThinOS 10 | 9.6 | Critical | 2025-08-27 |
| CVE-2025-3770 | SMM IDT Privilege Escalation Vulnerability — EDK2 | 7.0 | High | 2025-08-07 |
| CVE-2025-8656 | Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability — DMX958XR | 4.6 (AI) | Medium (AI) | 2025-08-06 |
| CVE-2025-52951 | Junos OS: IPv6 firewall filter fails to match payload-protocol — Junos OS | 5.8 | Medium | 2025-07-11 |
| CVE-2025-46358 | Emerson ValveLink Products Protection Mechanism Failure — ValveLink SOLO | 7.7 | High | 2025-07-10 |
| CVE-2025-49740 | Windows SmartScreen Security Feature Bypass Vulnerability — Windows 10 Version 1507 | 8.8 | High | 2025-07-08 |
| CVE-2025-48800 | Windows BitLocker Security Feature Bypass Vulnerability — Windows 10 Version 1507 | 6.8 | Medium | 2025-07-08 |

CWE-693 (Protection Mechanism Failure) is a common weakness category; this platform lists 224 CVE vulnerabilities associated with it.