VYPR

CWE-115

Misinterpretation of Input

Base · Incomplete

Description

The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (15)

  • CVE-2025-32908 · High · Apr 14, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS).

  • CVE-2023-32260 · Medium · Mar 19, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerability could allow Input data manipulation. This issue affects Service…

  • CVE-2025-68113 · Medium · Dec 16, 2025
    risk 0.35 · cvss 6.5 · epss 0.00

    ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce,…

  • CVE-2018-7159 · Medium · May 17, 2018
    risk 0.35 · cvss 5.3 · epss 0.04

    The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the…

  • CVE-2023-32228 · Medium · Apr 11, 2024
    risk 0.30 · cvss 4.6 · epss 0.00

    A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user.

  • CVE-2025-22870 · Medium · Mar 12, 2025
    risk 0.22 · cvss 4.4 · epss 0.00

    Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80" will incorrectly match and not be proxied.

  • CVE-2025-54584 · Jul 30, 2025
    risk 0.00 · cvss n/a · epss 0.00

    GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts file. By embedding a misleading PACK…

  • CVE-2024-9900 · Mar 20, 2025
    risk 0.00 · cvss n/a · epss 0.00

    mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution…

  • CVE-2023-0880 · Feb 17, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

  • CVE-2022-3224 · Sep 15, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0.

  • CVE-2022-1233 · Apr 4, 2022
    risk 0.00 · cvss n/a · epss 0.01

    URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11.

  • CVE-2021-28965 · Apr 21, 2021
    risk 0.00 · cvss n/a · epss 0.05

    The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.

  • CVE-2021-21366 · Mar 12, 2021
    risk 0.00 · cvss n/a · epss 0.01

    xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This…

  • CVE-2020-27846 · Dec 21, 2020
    risk 0.00 · cvss n/a · epss 0.05

    A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

  • CVE-2020-29509 · Dec 14, 2020
    risk 0.00 · cvss n/a · epss 0.02

    The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected…