CWE-693 604 個 CVE MITRE 定義 ↗

CWE-693:Protection Mechanism Failure

概覽

CWE-693(Protection Mechanism Failure)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Not Technology-Specific Undetermined
technology ICS/OT Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-61437 2026-07-10 PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow._resolve_pydantic_class (src/praisonai-agents/praisonaiagents/workflows/workf…
CVE-2026-60086 2026-07-10 PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injection defense only blocks threats classified as CRITICAL, requiring three or more detector families to ma…
CVE-2026-59854 2026-07-09 SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, POST /api/file/globalCopyFiles accepts attacker-supplied absolute source paths and relies on util.IsSensitivePath in kern…
CVE-2026-0278 2026-07-09 Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Ag…
CVE-2026-59223 2026-07-09 Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, WEB_FETCH_FILTER_LIST matching compared configured host entries against URL strings and non-label…
CVE-2026-59207 2026-07-09 n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP…
CVE-2026-14535 2026-07-04 In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless o…
CVE-2026-14625 2026-07-04 A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tui_gateway/server.py. The manipulation results in protection…
CVE-2025-71373 2026-07-03 picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using …
CVE-2026-14440 2026-07-01 Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is …
CVE-2026-14409 2026-07-01 Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox v…
CVE-2026-14151 2026-06-30 Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML…
CVE-2026-14120 2026-06-30 Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafte…
CVE-2026-14101 2026-06-30 Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via…
CVE-2026-14097 2026-06-30 Inappropriate implementation in WebAppInstalls in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape…
CVE-2026-14092 2026-06-30 Insufficient policy enforcement in Privacy in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic. (Chromi…
CVE-2026-14076 2026-06-30 Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low…
CVE-2026-14059 2026-06-30 Insufficient policy enforcement in Related-Website-Sets in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity…
CVE-2026-14058 2026-06-30 Insufficient policy enforcement in Parser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)…
CVE-2026-14050 2026-06-30 Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

內容提交

名稱
CWE Content Team
組織
MITRE
日期
2008-04-11
版本
Draft 9

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Description, Relationships, Other_Notes
2009-01-12 CWE Content Team 1.2 updated Relationships
2009-03-10 CWE Content Team 1.3 updated Related_Attack_Patterns, Relationships
2009-05-27 CWE Content Team 1.4 updated Description, Related_Attack_Patterns
2009-07-27 CWE Content Team 1.5 updated Relationships
2009-10-29 CWE Content Team 1.6 updated Relationships
2010-02-16 CWE Content Team 1.8 updated Relationships
2011-03-29 CWE Content Team 1.12 updated Maintenance_Notes, Other_Notes, Relationships
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Related_Attack_Patterns, Relationships
2013-02-21 CWE Content Team 2.4 updated Relationships
2013-07-17 CWE Content Team 2.5 updated Relationships
2014-02-18 CWE Content Team 2.6 updated Related_Attack_Patterns
2014-07-30 CWE Content Team 2.8 updated Relationships
2015-12-07 CWE Content Team 2.9 updated Relationships
2017-01-19 CWE Content Team 2.10 updated Relationships
2017-05-03 CWE Content Team 2.11 updated Related_Attack_Patterns
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms
2018-03-27 CWE Content Team 3.1 updated Relationships
2019-01-03 CWE Content Team 3.2 updated Related_Attack_Patterns
2019-06-20 CWE Content Team 3.3 updated Related_Attack_Patterns, Relationships
2020-02-24 CWE Content Team 4.0 updated Applicable_Platforms, Related_Attack_Patterns, Relationships, Type
2020-06-25 CWE Content Team 4.1 updated Relationships
2020-08-20 CWE Content Team 4.2 updated Related_Attack_Patterns, Relationships
2020-12-10 CWE Content Team 4.3 updated Relationships
2021-03-15 CWE Content Team 4.4 updated Maintenance_Notes
2021-07-20 CWE Content Team 4.5 updated Related_Attack_Patterns
2021-10-28 CWE Content Team 4.6 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Applicable_Platforms, Relationships
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-04-03 CWE Content Team 4.17 updated Relationships
2025-12-11 CWE Content Team 4.19 updated Relationships, Weakness_Ordinalities
2026-04-30 CWE Content Team 4.20 updated Mapping_Notes
cvelogic Threat Intelligence