VYPR

CWE-1284

Improper Validation of Specified Quantity in Input

Base | Incomplete

Description

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

CVEs mapped to this weakness (151)

  • CVE-2026-46385 | High | May 29, 2026
    risk 0.50 | cvss | epss 0.00

    iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which…

  • CVE-2026-46384 | High | May 29, 2026
    risk 0.50 | cvss | epss 0.00

    iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On…

  • CVE-2026-49110 | High | Jun 15, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.

  • CVE-2026-49078 | High | Jun 15, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions.

  • CVE-2026-45441 | High | Jun 15, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions.

  • CVE-2026-8047 | High | May 26, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device.

  • CVE-2025-14869 | High | May 14, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted payloads on certain API endpoints.

  • CVE-2026-25863 | High | May 4, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Conditional Fields for Contact Form 7 WordPress plugin through version 2.7.2 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide_hidden_mail_fields_regex_callback() method reads an iteration count directly from user-supplied…

  • CVE-2026-1092 | High | Apr 8, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads.

  • CVE-2025-12664 | High | Apr 8, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.

  • CVE-2026-30573 | High | Apr 1, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values…

  • CVE-2026-30575 | High | Mar 27, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtqty" parameter during stock entry, allowing negative values to be processed. This causes the system to decrease the…

  • CVE-2021-47831 | High | Jan 16, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting to trigger an…

  • CVE-2021-47827 | High | Jan 16, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the…

  • CVE-2021-47824 | High | Jan 16, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    iDailyDiary 4.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the preferences tab name field. Attackers can paste a 2,000,000 character buffer into the default diary tab name to trigger an application crash.

  • CVE-2021-47821 | High | Jan 16, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    RarmaRadio 2.72.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing network configuration fields with large character buffers. Attackers can generate a 100,000 character buffer and paste it into multiple network settings…

  • CVE-2021-47818 | High | Jan 16, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop…

  • CVE-2024-30516 | High | Jan 5, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Improper Validation of Specified Quantity in Input vulnerability in SaasProject Booking Package allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booking Package: from n/a through 1.6.27.

  • CVE-2025-32689 | High | Sep 9, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    Improper Validation of Specified Quantity in Input vulnerability in Convers Lab WP SmartPay smartpay. This issue affects WP SmartPay: from n/a through <= 2.8.2.

  • CVE-2024-9448 | High | May 8, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    On affected platforms running Arista EOS with Traffic Policies configured, the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be…