VYPR

CWE-1286

Improper Validation of Syntactic Correctness of Input

Base · Incomplete

Description

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-66 · CAPEC-676

CVEs mapped to this weakness (49)

page 3 of 3
  • CVE-2026-25513 · Feb 4, 2026
    risk 0.00 · cvss · epss 0.00

    FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort…

  • CVE-2025-67492 · Dec 16, 2025
    risk 0.00 · cvss · epss 0.00

    Weblate is a web-based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this…

  • CVE-2025-10954 · Sep 27, 2025
    risk 0.00 · cvss · epss 0.00

    Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse() function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out…

  • CVE-2025-22868 · Feb 26, 2025
    risk 0.00 · cvss · epss 0.01

    An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

  • CVE-2024-34537 · Oct 28, 2024
    risk 0.00 · cvss · epss 0.01

    TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS,…

  • CVE-2024-6763 · Oct 14, 2024
    risk 0.00 · cvss · epss 0.01

    Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs…

  • CVE-2024-6284 · Jul 3, 2024
    risk 0.00 · cvss · epss 0.00

    In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses). This issue affects: https://pkg.go.dev/github.com/google/nftabl…

  • CVE-2024-29041 · Mar 25, 2024
    risk 0.00 · cvss · epss 0.01

    Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL…

  • CVE-2022-1941 · Sep 22, 2022
    risk 0.00 · cvss · epss 0.01

    A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python…