VYPR

CWE-1287

Improper Validation of Specified Type of Input

Base | Incomplete

Description

The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (69)

page 2 of 4
  • CVE-2024-48851 | High | Sep 18, 2025
    risk 0.47 | cvss 7.2 | epss 0.01

    Improper Validation of Specified Type of Input vulnerability in ABB FLXEON. A remote code execution is possible due to an improper input validation. This issue affects FLXEON: through 9.3.5.

  • CVE-2026-10825 | High | Jun 16, 2026
    risk 0.46 | cvss | epss 0.00

    A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device…

  • CVE-2024-56908 | Medium | Feb 13, 2025
    risk 0.44 | cvss 6.8 | epss 0.01

    In Perfex Crm < 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the affected upload_sales_file endpoint. By providing malicious input in the rel_id parameter, combined with improper input validation, the attacker can bypass restrictions and upload…

  • CVE-2024-6858 | Medium | Jun 4, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN.

  • CVE-2026-29645 | High | Apr 20, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector (RVV) decoder. The decoder does not correctly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl, allowing certain invalid OP-V instruction encodings…

  • CVE-2026-33806 | High | Apr 15, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression…

  • CVE-2024-2105 | Medium | Dec 10, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    An unauthorised attacker within Bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.

  • CVE-2025-40910 | Medium | Jun 27, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who…

  • CVE-2021-47156 | Medium | Mar 18, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

  • CVE-2026-9521 | High | May 26, 2026
    risk 0.40 | cvss 7.3 | epss 0.00

    A security vulnerability has been detected in fraillt bitsery up to 5.2.4. Affected is the function loadFromSharedState in the library include/bitsery/ext/std_smart_ptr.h. Such manipulation leads to improper validation of specified type of input. It is possible to launch the…

  • CVE-2026-0802 | Medium | May 12, 2026
    risk 0.39 | cvss 6.0 | epss 0.00

    An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and…

  • CVE-2026-7887 | Medium | May 21, 2026
    risk 0.35 | cvss 6.4 | epss 0.00

    For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status. A user with uIsActive=0 (suspended, banned, terminated employee) can still authenticate via OAuth and receive valid API tokens. The Concrete CMS security team gave this…

  • CVE-2025-40911 | Medium | May 27, 2025
    risk 0.35 | cvss 6.5 | epss 0.00

    Net::CIDR::Set versions 0.10 through 0.13 for Perl do not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can…

  • CVE-2025-25186 | Medium | Feb 10, 2025
    risk 0.35 | cvss 6.5 | epss 0.01

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in `net-imap`'s response parser. At any time…

  • CVE-2024-8125 | Medium | Feb 4, 2025
    risk 0.35 | cvss | epss 0.00

    Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection. A bad actor with the required OpenText Content Management privileges (not root) could expose the vulnerability to carry out a remote code…

  • CVE-2024-47262 | Medium | Mar 4, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of…

  • CVE-2025-32901 | Medium | Dec 5, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.

  • CVE-2025-9524 | Medium | Nov 11, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer-, operator- or administrator-privileged service account.

  • CVE-2025-0325 | Medium | Jun 2, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device.

  • CVE-2025-61672 | Medium | Oct 8, 2025
    risk 0.27 | cvss | epss 0.00

    Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allows an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation…