CWE-1286

Improper Validation of Syntactic Correctness of Input

Base · Incomplete

Description

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-66 · CAPEC-676

CVEs mapped to this weakness (49)

page 1 of 3
  • CVE-2024-7954 · Critical · Aug 23, 2024
    risk 0.74 · cvss 9.8 · epss 0.90

    The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.

  • CVE-2025-41719 · High · Oct 22, 2025
    risk 0.57 · cvss 8.8 · epss 0.01

    A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password.

  • CVE-2026-6442 · High · Apr 16, 2026
    risk 0.54 · cvss 8.3 · epss 0.00

    Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository,…

  • CVE-2024-26507 · High · Jun 10, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or…

  • CVE-2026-50131 · High · Jun 10, 2026
    risk 0.49 · cvss 8.6 · epss 0.00

    Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation…

  • CVE-2025-8873 · High · Jun 4, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not…

  • CVE-2026-33778 · High · Apr 9, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a complete Denial-of-Service (DoS). If an…

  • CVE-2024-51983 · High · Jun 25, 2025
    risk 0.49 · cvss 7.5 · epss 0.07

    An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to…

  • CVE-2024-51982 · High · Jun 25, 2025
    risk 0.49 · cvss 7.5 · epss 0.07

    An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. A malformed PJL variable…

  • CVE-2025-30415 · High · Jun 4, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.

  • CVE-2025-24346 · High · Apr 30, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the “/etc/environment” file via a crafted HTTP request.

  • CVE-2025-0638 · High · Jan 22, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator.

  • CVE-2024-0218 · High · Apr 10, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS…

  • CVE-2026-24092 · High · Jun 1, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    Memory Corruption when processing fastboot commands to set display mode.

  • CVE-2026-24091 · High · Jun 1, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    Memory corruption while processing fastboot commands with improperly formatted input.

  • CVE-2026-24089 · High · Jun 1, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    Memory corruption while processing fastboot commands with invalid input.

  • CVE-2026-24087 · High · Jun 1, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    Memory corruption while processing fastboot OEM commands.

  • CVE-2026-0983 · High · May 18, 2026
    risk 0.46 · cvss · epss 0.00

    Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash.

  • CVE-2019-25720 · Medium · Jun 3, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot the monitor by sending a malformed network packet. Attackers can repeatedly send…

  • CVE-2026-7307 · High · May 19, 2026
    risk 0.42 · cvss 7.5 · epss 0.01

    A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service (DoS)…