VYPR

CWE-1023

Incomplete Comparison with Missing Factors

Class | Incomplete

Description

The product performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.

CVEs mapped to this weakness (7)

  • CVE-2026-7473 | Med | KEV | Jun 5, 2026
    risk 0.50 | cvss 5.8 | epss 0.01

    On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other…

  • CVE-2026-4748 | Hig | Apr 1, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed…

  • CVE-2026-53859 | Med | Jun 16, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit inconsistent hostname checks to reach destinations that operators…

  • CVE-2026-53839 | Med | Jun 12, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to…

  • CVE-2026-48587 | Low | Jun 3, 2026
    risk 0.20 | cvss 3.1 | epss 0.00

    An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading or trailing whitespace from `Vary` response header values before comparison, which allows remote attackers to read cached responses…

  • CVE-2026-4599 | Mar 23, 2026
    risk 0.00 | cvss | epss 0.00

    Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting…

  • CVE-2025-46722 | May 29, 2025
    risk 0.00 | cvss | epss 0.00

    vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. Currently, it…