
CWE-1284

Improper Validation of Specified Quantity in Input

Base · Incomplete

Description

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.


CVEs mapped to this weakness (151)

page 3 of 8
  • CVE-2025-3511 · High · Apr 25, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module, CC-Link IE TSN Analog-Digital Converter module, CC-Link IE TSN Digital-Analog Converter module, CC-Link IE TSN FPGA module, CC-Link IE TSN Remote…

  • CVE-2024-47257 · High · Nov 26, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    Florent Thiéry has found that selected Axis devices were vulnerable to handling certain ethernet frames which could lead to the Axis device becoming unavailable in the network. Axis has released patched AXIS OS versions for the highlighted flaw for products that are still…

  • CVE-2024-39697 · High · Jul 9, 2024
    risk 0.49 · cvss 8.6 · epss 0.01

    phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get…

  • CVE-2024-30527 · High · May 17, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields. This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through 2.3.7.

  • CVE-2025-5808 · High · Aug 29, 2025
    risk 0.47 · cvss n/a · epss 0.00

    Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Authentication Bypass. This issue affects Self Service Password Reset from before 4.8 patch 3.

  • CVE-2024-6068 · High · Nov 14, 2024
    risk 0.47 · cvss 7.3 · epss 0.00

    A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file.

  • CVE-2026-42013 · High · May 26, 2026
    risk 0.46 · cvss 8.2 · epss 0.00

    A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation,…

  • CVE-2026-40093 · High · Apr 9, 2026
    risk 0.46 · cvss 8.1 · epss 0.00

    nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp >= parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MIN_PRODUCER_TIMEOUT for skip blocks, but…

  • CVE-2025-11743 · High · Jan 20, 2026
    risk 0.46 · cvss n/a · epss 0.00

    A denial-of-service security issue in the affected product. The security issue occurs when a malformed CIP forward open message is sent. This could result in a major nonrecoverable fault; a restart is required to recover.

  • CVE-2024-6768 · Medium · Aug 12, 2024
    risk 0.46 · cvss n/a · epss 0.03

    A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.

  • CVE-2024-38659 · High · Jun 21, 2024
    risk 0.46 · cvss 7.1 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID,…

  • CVE-2024-35965 · High · May 20, 2024
    risk 0.46 · cvss 7.1 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix not validating setsockopt user input Check user input length before copying data.

  • CVE-2026-9704 · Medium · May 27, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to…

  • CVE-2025-59820 · Medium · Nov 26, 2025
    risk 0.44 · cvss 6.7 · epss 0.00

    In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Control flow proceeds even when a number of pixels becomes negative.

  • CVE-2024-3185 · Medium · Apr 23, 2024
    risk 0.44 · cvss 6.8 · epss 0.00

    A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access to a machine with the logging.json file to use that key to authenticate to the platform with high…

  • CVE-2024-23593 · Medium · Apr 15, 2024
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges.

  • CVE-2025-0038 · Medium · Oct 6, 2025
    risk 0.43 · cvss 6.6 · epss 0.00

    In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces resulting in the loss of integrity and confidentiality.

  • CVE-2026-44635 · High · May 27, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters (., [, ], *, **, ?). When attacker-controlled input flows into eb.ref(col, '->$').key(input) or .at(input) — including…

  • CVE-2026-3676 · Medium · May 27, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic…

  • CVE-2026-42744 · Medium · May 27, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields. This issue affects Ads by WPQuads: from n/a through <= 3.0.2.