
CWE-1287

Improper Validation of Specified Type of Input

Base | Incomplete

Description

The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (69)

page 1 of 4
  • CVE-2025-9042 | High | Aug 14, 2025
    risk 0.57 | cvss | epss 0.00

    A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IY8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010),…

  • CVE-2025-9041 | High | Aug 14, 2025
    risk 0.57 | cvss | epss 0.00

    A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IF8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010),…

  • CVE-2026-40851 | High | May 27, 2026
    risk 0.55 | cvss 8.4 | epss 0.00

    A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on a USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability.

  • CVE-2025-20251 | High | Aug 14, 2025
    risk 0.55 | cvss 8.5 | epss 0.00

    A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to create or delete arbitrary files on the underlying…

  • CVE-2026-9753 | High | Jun 9, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the…

  • CVE-2025-42929 | High | Sep 9, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database.

  • CVE-2025-42916 | High | Sep 9, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but…

  • CVE-2025-24876 | High | Feb 11, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the victim by injecting malicious payload causing High impact on confidentiality and integrity of the…

  • CVE-2025-20327 | High | Sep 24, 2025
    risk 0.50 | cvss 7.7 | epss 0.00

    A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this…

  • CVE-2025-20244 | High | Aug 14, 2025
    risk 0.50 | cvss 7.7 | epss 0.00

    A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote attacker that is authenticated as a VPN user to cause the device to reload…

  • CVE-2026-9742 | High | Jun 9, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in…

  • CVE-2026-49941 | High | Jun 4, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to be single IP addresses and passed back to itself as a…

  • CVE-2026-20119 | High | Feb 4, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due…

  • CVE-2025-41729 | High | Nov 24, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service.

  • CVE-2025-41650 | High | May 27, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service.

  • CVE-2024-8058 | High | Dec 16, 2024
    risk 0.49 | cvss 7.6 | epss 0.00

    An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file in the FileZ directory to read arbitrary files on the device due to URL preloading.

  • CVE-2024-9404 | High | Dec 4, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat,…

  • CVE-2024-8403 | High | Nov 19, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET versions 1.100 to 1.200 and FX5-ENET/IP versions 1.100 to 1.104 allows a remote attacker to cause a Denial of Service condition in Ethernet communication…

  • CVE-2026-11460 | High | Jun 7, 2026
    risk 0.47 | cvss 7.3 | epss 0.00

    A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The…

  • CVE-2025-10207 | High | Sep 18, 2025
    risk 0.47 | cvss 7.2 | epss 0.00

    Improper Validation of Specified Type of Input vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5.