Summary of 68 CVEs in the CWE-915 weakness class, with AI-generated analysis in Chinese.
CWE-915 is the class of improperly controlled modification of dynamically-determined object attributes: a program takes upstream input to initialize or update an object's attributes without strictly restricting which fields may be modified. Attackers commonly abuse this to tamper with internal, sensitive attributes such as privilege flags or state bits, thereby bypassing security checks or escalating privileges. Developers should implement a strict allowlist that permits only the intended public attributes to be modified, and apply strict type and range validation to all dynamic input, so that internal attributes cannot be manipulated directly from outside.
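As an added example (not code from this page or from any project it lists), the following JavaScript shows the hardened counterpart to the path-based setter pattern the description above covers, together with an allowlist-based updater for the mass-assignment form of CWE-915. All function, schema and field names are illustrative assumptions, and the attacker input is constructed for the demonstration.

```javascript
// Added example: hardened handling of dynamically-determined object attributes (CWE-915).
// Names (setValueByPathSafe, applyUserUpdate, USER_UPDATE_SCHEMA) are illustrative, not from any project.

// Path segments that reach Object.prototype or a constructor's prototype are never legitimate user data.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function assertSafeKey(key) {
  if (typeof key !== "string" || key.length === 0) {
    throw new TypeError(`invalid path segment: ${String(key)}`);
  }
  if (FORBIDDEN_KEYS.has(key)) {
    throw new Error(`refusing to set prototype-reaching key: ${key}`);
  }
}

// Hardened setter: every segment is checked before anything is written, only *own*
// properties are traversed (inherited ones such as Object.prototype.constructor are
// replaced, never stepped into), and new containers are created without a prototype.
function setValueByPathSafe(object, path, value) {
  const segments = path.split(".");
  const last = segments.pop();
  segments.forEach((seg) => assertSafeKey(seg));
  assertSafeKey(last);
  let cursor = object;
  for (const seg of segments) {
    const own = Object.prototype.hasOwnProperty.call(cursor, seg);
    if (!own || typeof cursor[seg] !== "object" || cursor[seg] === null) {
      cursor[seg] = Object.create(null);
    }
    cursor = cursor[seg];
  }
  cursor[last] = value;
  return object;
}

// Allowlist for mass assignment: only these fields may be written, each through a validator.
// Anything else in the request body (role, isAdmin, __proto__, ...) is reported and dropped.
const USER_UPDATE_SCHEMA = {
  displayName: (v) => typeof v === "string" && v.length <= 64,
  email: (v) => typeof v === "string" && /^[^@\s]+@[^@\s]+$/.test(v),
};

function applyUserUpdate(user, input, schema = USER_UPDATE_SCHEMA) {
  const rejected = [];
  for (const key of Object.keys(input)) { // own enumerable keys only, so JSON.parse's own "__proto__" key is seen and rejected
    const validate = Object.prototype.hasOwnProperty.call(schema, key) ? schema[key] : null;
    if (!validate || !validate(input[key])) {
      rejected.push(key);
      continue;
    }
    user[key] = input[key];
  }
  return { user, rejected };
}

// Quick post-condition check: a fresh object must not have inherited the attribute.
function prototypeIsClean(key) {
  return !(key in {});
}

// Constructed attacker input, shaped like a parsed JSON request body.
const attackerBody = JSON.parse(
  '{"displayName":"eve","isAdmin":true,"__proto__":{"isAdmin":true}}'
);

function demoSafeSetter() {
  const blocked = [];
  for (const p of ["__proto__.isAdmin", "constructor.prototype.isAdmin"]) {
    try { setValueByPathSafe({}, p, true); blocked.push(false); } catch (e) { blocked.push(true); }
  }
  const legit = setValueByPathSafe({}, "profile.settings.theme", "dark");
  return { blocked, legit, clean: prototypeIsClean("isAdmin") };
}

function demoMassAssignment() {
  return applyUserUpdate({ id: 7, role: "user" }, attackerBody);
}

console.log(JSON.stringify(demoSafeSetter()));
console.log(JSON.stringify(demoMassAssignment()));
```

The two checks are independent: the setter guards the "path into an object" variant, the allowlist guards the "copy the whole body onto a model" variant. Both fail closed, so a rejected key surfaces in logs rather than silently landing on `Object.prototype` or on a privileged model field.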
The page's own snippet shows the pattern: a path-based setter that walks attacker-controlled segments and can therefore reach `Object.prototype` through `__proto__` or `constructor.prototype`. It is deliberately vulnerable; only formatting and comments have been added.

```javascript
// Vulnerable: path segments are not filtered, so "__proto__" and
// "constructor.prototype" walk straight into Object.prototype.
function setValueByPath(object, path, value) {
  const pathArray = path.split(".");
  const attributeToSet = pathArray.pop();
  let objectToModify = object;
  for (const attr of pathArray) {
    if (typeof objectToModify[attr] !== "object") {
      objectToModify[attr] = {};
    }
    objectToModify = objectToModify[attr];
  }
  objectToModify[attributeToSet] = value;
  return object;
}

// Either call pollutes Object.prototype, after which every plain object reports isAdmin === true.
setValueByPath({}, "__proto__.isAdmin", true);
setValueByPath({}, "constructor.prototype.isAdmin", true);
```

| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-56142 | JetBrains Hub privilege escalation vulnerability (CVE-2024-XXXX) — Hub | 9.6 | Critical | 2026-06-19 |
| CVE-2026-46480 | Flowise security vulnerability — Flowise | - | - | 2026-06-08 |
| CVE-2026-46479 | Flowise security vulnerability — Flowise | - | - | 2026-06-08 |
| CVE-2026-46478 | Flowise security vulnerability — Flowise | - | - | 2026-06-08 |
| CVE-2026-46477 | Flowise security vulnerability — Flowise | - | - | 2026-06-08 |
| CVE-2026-46476 | Flowise security vulnerability — Flowise | - | - | 2026-06-08 |
| CVE-2026-46475 | Flowise security vulnerability — Flowise | - | - | 2026-06-08 |
| CVE-2026-42540 | Iris security vulnerability — iris-web | 4.3 | Medium | 2026-06-04 |
| CVE-2026-48150 | Budibase security vulnerability — budibase | 9.0 | Critical | 2026-05-27 |
| CVE-2026-8327 | Concrete CMS security vulnerability — Concrete CMS | - | - | 2026-05-21 |
| CVE-2026-6366 | Drupal core security vulnerability — Drupal core | - | - | 2026-05-19 |
| CVE-2026-46721 | TYPO3 Extension Frontend User Registration security vulnerability — Extension "Frontend User Registration" | - | - | 2026-05-19 |
| CVE-2026-45396 | Open WebUI security vulnerability — open-webui | 5.4 | Medium | 2026-05-15 |
| CVE-2026-45229 | quark-auto-save security vulnerability — quark-auto-save | 8.8 | High | 2026-05-13 |
| CVE-2025-14341 | DivvyDrive security vulnerability — DivvyDrive | 8.3 | High | 2026-05-07 |
| CVE-2026-41139 | mathjs security vulnerability — mathjs | 6.1 | - | 2026-05-07 |
| CVE-2026-33453 | Apache Camel security vulnerability — Apache Camel | 9.8 (AI-estimated) | Critical (AI-estimated) | 2026-04-27 |
| CVE-2026-42044 | Axios security vulnerability — axios | 6.5 | Medium | 2026-04-24 |
| CVE-2026-40897 | mathjs security vulnerability — mathjs | 8.8 | High | 2026-04-24 |
| CVE-2026-6912 | AWS Ops Wheel security vulnerability — AWS Ops Wheel | 8.8 | High | 2026-04-24 |
| CVE-2026-34427 | Vvveb security vulnerability — Vvveb | 8.8 | High | 2026-04-20 |
| CVE-2026-40486 | kimai security vulnerability — kimai | 4.3 | Medium | 2026-04-17 |
| CVE-2026-34179 | LXD security vulnerability — lxd | 9.1 | Critical | 2026-04-09 |
| CVE-2026-5708 | Amazon Web Services Research and Engineering Studio security vulnerability — Research and Engineering Studio (RES) | 8.8 | High | 2026-04-06 |
| CVE-2026-5251 | admin security vulnerability — admin | 6.3 | Medium | 2026-04-01 |
| CVE-2026-5248 | gougucms security vulnerability — gougucms | 6.3 | Medium | 2026-04-01 |
| CVE-2026-34406 | APTRS security vulnerability — APTRS | 8.8 | - | 2026-03-31 |
| CVE-2026-27953 | ormar security vulnerability — ormar | 7.1 | High | 2026-03-19 |
| CVE-2026-32742 | Parse Server security vulnerability — parse-server | 4.3 | Medium | 2026-03-18 |
| CVE-2026-29056 | Kanboard security vulnerability — kanboard | 8.8 | - | 2026-03-18 |
CWE-915 is a common weakness category; this platform indexes 68 CVEs associated with it.