CWE-74 输出中的特殊元素转义处理不恰当(注入) 类弱点 423 条 CVE 漏洞汇总,含 AI 中文分析。
CWE-74指下游组件注入漏洞,属输入验证缺陷。攻击者通过构造包含特殊字符的恶意输入,干扰下游组件对命令或数据的解析逻辑,从而执行非预期操作或篡改数据结构。开发者应避免直接拼接用户输入,需实施严格的输入过滤与输出编码,确保特殊元素被正确转义或隔离,防止其被下游组件误解释为可执行指令或结构标记。
$userName = $_POST["user"]; $command = 'ls -l /home/' . $userName; system($command);;rm -rf /String author = request.getParameter(AUTHOR_PARAM); ... Cookie cookie = new Cookie("author", author); cookie.setMaxAge(cookieExpiration); response.addCookie(cookie);HTTP/1.1 200 OK ... Set-Cookie: author=Jane Smith ...| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2026-25586 | SandboxJS 安全漏洞 — SandboxJS | 10.0 | Critical | 2026-02-06 |
| CVE-2026-25520 | SandboxJS 安全漏洞 — SandboxJS | 10.0 | Critical | 2026-02-06 |
| CVE-2026-24043 | jsPDF 注入漏洞 — jsPDF | 7.6AI | HighAI | 2026-02-02 |
| CVE-2025-41083 | Altitude Communication Server 注入漏洞 — Altitude Communication Server | 6.1AI | MediumAI | 2026-01-26 |
| CVE-2026-24010 | Horilla 安全漏洞 — horilla | 8.0AI | HighAI | 2026-01-22 |
| CVE-2026-24002 | Grist 注入漏洞 — grist-core | 9.1 | Critical | 2026-01-22 |
| CVE-2026-0865 | CPython 安全漏洞 — CPython | 4.7AI | MediumAI | 2026-01-20 |
| CVE-2026-22200 | Enhancesoft osTicket 注入漏洞 — osTicket | 6.5AI | MediumAI | 2026-01-12 |
| CVE-2025-67746 | Composer 注入漏洞 — composer | 8.1 | - | 2025-12-30 |
| CVE-2025-14674 | SnailJob 安全漏洞 — snail-job | 6.3 | Medium | 2025-12-14 |
| CVE-2024-56840 | Siemens RUGGEDCOM ROX II 注入漏洞 — RUGGEDCOM ROX MX5000 | 7.2 | High | 2025-12-09 |
| CVE-2024-56839 | Siemens RUGGEDCOM ROX II 注入漏洞 — RUGGEDCOM ROX MX5000 | 7.2 | High | 2025-12-09 |
| CVE-2024-56838 | Siemens RUGGEDCOM ROX II 注入漏洞 — RUGGEDCOM ROX MX5000 | 7.2 | High | 2025-12-09 |
| CVE-2024-56835 | Siemens RUGGEDCOM ROX II 注入漏洞 — RUGGEDCOM ROX MX5000 | 8.8 | High | 2025-12-09 |
| CVE-2025-66025 | Caido 注入漏洞 — caido | 4.3 | Medium | 2025-11-26 |
| CVE-2025-64428 | Dataease 注入漏洞 — dataease | 9.1 | - | 2025-11-20 |
| CVE-2025-13268 | dataCompare 安全漏洞 — dataCompare | 6.3 | Medium | 2025-11-17 |
| CVE-2025-64741 | Zoom Workplace 安全漏洞 — Zoom Workplace for Android | 8.1 | High | 2025-11-13 |
| CVE-2025-64099 | OpenAM 注入漏洞 — OpenAM | 4.3 | - | 2025-11-12 |
| CVE-2025-47286 | Combodo iTop 注入漏洞 — iTop | 9.1 | - | 2025-11-10 |
| CVE-2025-62697 | MediaWiki - LanguageSelector Extension 安全漏洞 — Mediawiki - LanguageSelector Extension | 9.8AI | CriticalAI | 2025-10-20 |
| CVE-2025-61773 | pyLoad 安全漏洞 — pyload | 8.1 | High | 2025-10-09 |
| CVE-2025-11445 | Kilo Code 安全漏洞 — Kilo Code | 6.3 | Medium | 2025-10-08 |
| CVE-2025-7350 | Rockwell Automation Stratix IOS 安全漏洞 — Stratix IOS | 9.8AI | CriticalAI | 2025-09-09 |
| CVE-2025-6785 | Tesla Model 3 安全漏洞 — Model 3 | 6.1AI | MediumAI | 2025-09-04 |
| CVE-2025-9797 | expressCart 安全漏洞 — expressCart | 2.4 | Low | 2025-09-01 |
| CVE-2025-20265 | Cisco Secure Firewall Management Center 注入漏洞 — Cisco Firepower Management Center | 10.0 | Critical | 2025-08-14 |
| CVE-2025-20337 | Cisco ISE和Cisco ISE-PIC 注入漏洞 — Cisco Identity Services Engine Software | 10.0 | Critical | 2025-07-16 |
| CVE-2025-20284 | Cisco ISE和Cisco ISE-PIC 注入漏洞 — Cisco Identity Services Engine Software | 6.5 | Medium | 2025-07-16 |
| CVE-2025-20283 | Cisco ISE和Cisco ISE-PIC 注入漏洞 — Cisco Identity Services Engine Software | 6.5 | Medium | 2025-07-16 |
CWE-74(输出中的特殊元素转义处理不恰当(注入)) 是常见的弱点类别,本平台收录该类弱点关联的 423 条 CVE 漏洞。