CWE-1287
Improper Validation of Specified Type of Input
Description
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (69)
page 1 of 4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-9042 | Hig | 0.57 | — | 0.00 | Aug 14, 2025 | A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IY8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010),… | ||
| CVE-2025-9041 | Hig | 0.57 | — | 0.00 | Aug 14, 2025 | A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IF8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010),… | ||
| CVE-2026-40851 | — | Hig | 0.55 | 8.4 | 0.00 | May 27, 2026 | A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability. | |
| CVE-2025-20251 | Hig | 0.55 | 8.5 | 0.00 | Aug 14, 2025 | A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to create or delete arbitrary files on the underlying… | ||
| CVE-2026-9753 | Hig | 0.53 | 8.1 | 0.00 | Jun 9, 2026 | The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the… | ||
| CVE-2025-42929 | — | Hig | 0.53 | 8.1 | 0.00 | Sep 9, 2025 | Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database. | |
| CVE-2025-42916 | — | Hig | 0.53 | 8.1 | 0.00 | Sep 9, 2025 | Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but… | |
| CVE-2025-24876 | Hig | 0.53 | 8.1 | 0.00 | Feb 11, 2025 | The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the victim by injecting malicious payload causing High impact on confidentiality and integrity of the… | ||
| CVE-2025-20327 | Hig | 0.50 | 7.7 | 0.00 | Sep 24, 2025 | A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this… | ||
| CVE-2025-20244 | Hig | 0.50 | 7.7 | 0.00 | Aug 14, 2025 | A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote attacker that is authenticated as a VPN user to cause the device to reload… | ||
| CVE-2026-9742 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in… | ||
| CVE-2026-49941 | Hig | 0.49 | 7.5 | 0.00 | Jun 4, 2026 | Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a… | ||
| CVE-2026-20119 | Hig | 0.49 | 7.5 | 0.00 | Feb 4, 2026 | A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due… | ||
| CVE-2025-41729 | — | Hig | 0.49 | 7.5 | 0.00 | Nov 24, 2025 | An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service. | |
| CVE-2025-41650 | — | Hig | 0.49 | 7.5 | 0.00 | May 27, 2025 | An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service. | |
| CVE-2024-8058 | Hig | 0.49 | 7.6 | 0.00 | Dec 16, 2024 | An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file in the FileZ directory to read arbitrary files on the device due to URL preloading. | ||
| CVE-2024-9404 | Hig | 0.49 | 7.5 | 0.01 | Dec 4, 2024 | This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat,… | ||
| CVE-2024-8403 | Hig | 0.49 | 7.5 | 0.01 | Nov 19, 2024 | Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET versions 1.100 to 1.200 and FX5-ENET/IP versions 1.100 to 1.104 allows a remote attacker to cause a Denial of Service condition in Ethernet communication… | ||
| CVE-2026-11460 | Hig | 0.47 | 7.3 | 0.00 | Jun 7, 2026 | A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The… | ||
| CVE-2025-10207 | Hig | 0.47 | 7.2 | 0.00 | Sep 18, 2025 | Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5. |
- risk 0.57cvss —epss 0.00
A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IY8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010),…
- risk 0.57cvss —epss 0.00
A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IF8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010),…
- risk 0.55cvss 8.4epss 0.00
A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability.
- risk 0.55cvss 8.5epss 0.00
A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to create or delete arbitrary files on the underlying…
- risk 0.53cvss 8.1epss 0.00
The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the…
- risk 0.53cvss 8.1epss 0.00
Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database.
- risk 0.53cvss 8.1epss 0.00
Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but…
- risk 0.53cvss 8.1epss 0.00
The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the victim by injecting malicious payload causing High impact on confidentiality and integrity of the…
- risk 0.50cvss 7.7epss 0.00
A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this…
- risk 0.50cvss 7.7epss 0.00
A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote attacker that is authenticated as a VPN user to cause the device to reload…
- risk 0.49cvss 7.5epss 0.00
When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in…
- risk 0.49cvss 7.5epss 0.00
Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a…
- risk 0.49cvss 7.5epss 0.00
A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due…
- risk 0.49cvss 7.5epss 0.00
An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service.
- risk 0.49cvss 7.5epss 0.00
An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service.
- risk 0.49cvss 7.6epss 0.00
An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file in the FileZ directory to read arbitrary files on the device due to URL preloading.
- risk 0.49cvss 7.5epss 0.01
This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat,…
- risk 0.49cvss 7.5epss 0.01
Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET versions 1.100 to 1.200 and FX5-ENET/IP versions 1.100 to 1.104 allows a remote attacker to cause a Denial of Service condition in Ethernet communication…
- risk 0.47cvss 7.3epss 0.00
A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The…
- risk 0.47cvss 7.2epss 0.00
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5.