CWE-913 Improper Control of Dynamically-Managed Code Resources: summary of the 47 CVEs in this weakness class, with AI-generated analysis in Chinese.
CWE-913 covers improper control of dynamically-managed code resources and belongs to the resource-management class of weaknesses. Attackers typically exploit it by injecting into, or tampering with, dynamically generated code, variables or objects, so that unintended logic executes or privileges are escalated. Developers should avoid executing untrusted input directly, strictly limit where dynamic code may be created or modified, apply the principle of least privilege, and enforce strict type checking and input validation on dynamic resources to remove the risk.
CWE demonstrative example (PHP): user-supplied messages are appended to a file that is later executed with `include()`:

```php
$MessageFile = "messages.out";
if ($_GET["action"] == "NewMessage") {
    $name = $_GET["name"];
    $message = $_GET["message"];
    $handle = fopen($MessageFile, "a+");
    // name and message are written unescaped into a file that is later include()d
    fwrite($handle, "<b>$name</b> says '$message'<hr>\n");
    fclose($handle);
    echo "Message Saved!<p>\n";
} else if ($_GET["action"] == "ViewMessages") {
    include($MessageFile);   // the message file is executed as PHP, not displayed as data
}
```

Request parameters from the same CWE example that place PHP code into the message file:

```text
name=h4x0r
message=%3C?php%20system(%22/bin/ls%20-l%22);?%3E
```

CWE demonstrative example (Java), allowlist-based dispatch: the `ctl` parameter only selects among fixed commands:

```java
String ctl = request.getParameter("ctl");
Worker ao = null;
if (ctl.equals("Add")) {
    ao = new AddCommand();
} else if (ctl.equals("Modify")) {
    ao = new ModifyCommand();
} else {
    throw new UnknownActionError();
}
ao.doAction(request);
```

Reflection-based dispatch from the same example: the `ctl` parameter is used to load a class by name:

```java
String ctl = request.getParameter("ctl");
// the request decides which class is loaded and instantiated
Class cmdClass = Class.forName(ctl + "Command");
Worker ao = (Worker) cmdClass.newInstance();
ao.doAction(request);
```

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34156 | Nocobase security vulnerability — nocobase | 10.0 | Critical | 2026-03-31 |
| CVE-2026-33286 | Graphiti security vulnerability — graphiti | 9.1 | Critical | 2026-03-23 |
| CVE-2025-69219 | Apache Airflow security vulnerability — Apache Airflow Providers Http | 8.8 (AI) | High (AI) | 2026-03-09 |
| CVE-2026-25049 | n8n security vulnerability — n8n | 9.9 (AI) | Critical (AI) | 2026-02-04 |
| CVE-2026-1770 | CrafterCMS security vulnerability — CrafterCMS | 8.8 (AI) | High (AI) | 2026-02-02 |
| CVE-2025-68613 | n8n security vulnerability — n8n | 10.0 | Critical | 2025-12-19 |
| CVE-2025-14695 | HaloBot security vulnerability — HaloBot | 6.3 | Medium | 2025-12-15 |
| CVE-2025-13659 | Ivanti Endpoint Manager security vulnerability — Endpoint Manager | 8.8 | High | 2025-12-09 |
| CVE-2025-13426 | Google Apigee hybrid Javacallout policy security vulnerability — Apigee hybrid Javacallout policy | 8.8 | - | 2025-12-05 |
| CVE-2024-5401 | Synology DiskStation Manager and Synology Unified Controller security vulnerability — DiskStation Manager (DSM) | 4.3 | Medium | 2025-12-04 |
| CVE-2025-54065 | GZDoom security vulnerability — gzdoom | 7.8 | High | 2025-12-03 |
| CVE-2025-9905 | Keras security vulnerability — Keras | 7.8 | - | 2025-09-19 |
| CVE-2025-25270 | PHOENIX CONTACT multiple products security vulnerability — CHARX SEC-3150 | 9.8 | Critical | 2025-07-08 |
| CVE-2025-6705 | Eclipse Open VSX security vulnerability — Eclipse Open VSX Registry | 9.8 (AI) | Critical (AI) | 2025-06-27 |
| CVE-2025-6384 | CrafterCMS security vulnerability — CrafterCMS | 8.8 (AI) | High (AI) | 2025-06-19 |
| CVE-2025-46675 | CryptoLib security vulnerability — CryptoLib | 3.5 | Low | 2025-04-27 |
| CVE-2025-46673 | CryptoLib security vulnerability — CryptoLib | 4.9 | Medium | 2025-04-27 |
| CVE-2022-31764 | Apache ShardingSphere ElasticJob-UI security vulnerability — Apache ShardingSphere ElasticJob-UI | 9.8 | - | 2025-02-06 |
| CVE-2024-7297 | Langflow security vulnerability | 8.8 | High | 2024-07-30 |
| CVE-2024-2537 | Logitech Logi Tune security vulnerability — Logi Tune | 4.4 | Medium | 2024-03-15 |
| CVE-2024-27135 | Apache Pulsar security vulnerability — Apache Pulsar | 8.5 | High | 2024-03-12 |
| CVE-2023-6184 | Citrix Systems Session Recording security vulnerability — Citrix Session Recording | 5.0 | Medium | 2024-01-18 |
| CVE-2023-5763 | Eclipse Glassfish security vulnerability — Glassfish | 6.8 | Medium | 2023-11-03 |
| CVE-2023-37271 | RestrictedPython security vulnerability — RestrictedPython | 8.4 | High | 2023-07-11 |
| CVE-2023-35930 | SpiceDB security vulnerability — spicedb | 3.7 | Low | 2023-06-26 |
| CVE-2023-29199 | vm2 security vulnerability — vm2 | 9.8 | Critical | 2023-04-14 |
| CVE-2023-29017 | vm2 security vulnerability — vm2 | 10.0 | Critical | 2023-04-06 |
| CVE-2023-25560 | DataHub security vulnerability — datahub | 8.2 | High | 2023-02-10 |
| CVE-2022-3225 | Budibase access control error vulnerability — budibase/budibase | 8.8 | High | 2022-09-16 |
| CVE-2022-40635 | Crafter CMS security vulnerability — Crafter CMS | 6.4 | Medium | 2022-09-13 |
CWE-913 (Improper Control of Dynamically-Managed Code Resources) is a common weakness class; this platform has collected the 47 CVEs associated with it.
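Hardened counterparts of the two CWE-913 demonstrative examples on this page, written in Python as an added example (not code from the CWE entry or from this platform): the command dispatcher resolves the `ctl` parameter through an explicit allowlist instead of loading a class by name, and the message board stores and renders messages as escaped data instead of executing the message file. The `request` dict and the in-memory `store` list are constructed stand-ins for the HTTP request and `messages.out`.

```python
import html

# --- Counterpart of the Java "ctl" dispatcher: allowlist instead of Class.forName ---
class Worker:
    def do_action(self, request: dict) -> str:
        raise NotImplementedError

class AddCommand(Worker):
    def do_action(self, request: dict) -> str:
        return "added " + request.get("item", "")

class ModifyCommand(Worker):
    def do_action(self, request: dict) -> str:
        return "modified " + request.get("item", "")

class UnknownActionError(ValueError):
    pass

# The only classes a request may select. The parameter is a dictionary key,
# never a class name handed to a loader, so no other code can be reached.
COMMANDS = {"Add": AddCommand, "Modify": ModifyCommand}

def dispatch(request: dict) -> str:
    ctl = request.get("ctl", "")
    cls = COMMANDS.get(ctl)
    if cls is None:  # anything outside the allowlist is rejected, not resolved
        raise UnknownActionError(f"unknown action: {ctl!r}")
    return cls().do_action(request)

# --- Counterpart of the PHP message board: messages are data, never include()d ---
def save_message(store: list, name: str, message: str) -> None:
    # Escape before storing, so a stored entry can never turn into markup or code.
    store.append(f"<b>{html.escape(name)}</b> says '{html.escape(message)}'<hr>")

def view_messages(store: list) -> str:
    # Emit the stored text verbatim (the readfile()/echo equivalent of PHP), not include().
    return "\n".join(store)

if __name__ == "__main__":
    board: list = []  # constructed in-memory stand-in for messages.out
    save_message(board, "h4x0r", '<?php system("/bin/ls -l");?>')  # payload from the CWE example
    print(view_messages(board))        # shows the escaped text, no PHP tag survives
    print(dispatch({"ctl": "Add", "item": "widget"}))
```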