VYPR

CWE-1025

Comparison Using Wrong Factors

Base | Incomplete

Description

The code performs a comparison between two entities, but the comparison examines the wrong factors or characteristics of the entities, which can lead to incorrect results and resultant weaknesses.

Hierarchy (View 1000)

Parents

CVEs mapped to this weakness (7)

  • CVE-2026-40880 | High | Apr 21, 2026
    risk 0.46 | cvss 8.1 | epss 0.00

    ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid…

  • CVE-2026-40227 | Medium | Apr 10, 2026
    risk 0.40 | cvss 6.2 | epss 0.00

    In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.

  • CVE-2025-32464 | Medium | Apr 9, 2025
    risk 0.37 | cvss 6.8 | epss 0.01

    HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.

  • CVE-2026-48860 | Medium | Jun 10, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inet_tls_dist:check_ip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS,…

  • CVE-2025-27839 | Low | Mar 8, 2025
    risk 0.14 | cvss 3.2 | epss 0.00

    operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flaw in offline wallet attestation (genuineness check) that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible.

  • CVE-2025-2888 | Mar 27, 2025
    risk 0.00 | cvss | epss 0.00

    During a snapshot rollback, the client incorrectly caches the timestamp metadata. If the client checks the cache when attempting to perform the next update, the update timestamp validation will fail, preventing the next update until the cache is cleared. Users should upgrade to…

  • CVE-2025-2887 | Mar 27, 2025
    risk 0.00 | cvss | epss 0.00

    During a target rollback, the client fails to detect the rollback for delegated targets. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough version 0.20.0 or later and ensure any forked or…