VYPR

CWE-1287

Improper Validation of Specified Type of Input

Base | Incomplete

Description

The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (69)

page 3 of 4
  • CVE-2025-52883 | Med | Jun 24, 2025
    risk 0.27 | cvss 5.3 | epss 0.00

    Meshtastic-Android is an Android application for the mesh radio software Meshtastic. Prior to version 2.5.21, an attacker is able to send an unencrypted direct message to a victim impersonating any other node of the mesh. This message will be displayed in the same chat that the…

  • CVE-2025-8556 | Low | Aug 6, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.

  • CVE-2026-47675 | Med | May 28, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the serialize() function in hono/cookie validates domain and path options against characters that corrupt Set-Cookie header syntax (;, \r, \n), but does not apply the same…

  • CVE-2026-4646 | Med | May 22, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint.…

  • CVE-2025-1057 | Med | Mar 15, 2025
    risk 0.21 | cvss 4.3 | epss 0.00

    A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions, for example, 7.11.0. Specifically, older versions store agent registration data…

  • CVE-2025-24335 | Low | Jul 2, 2025
    risk 0.13 | cvss 2.0 | epss 0.00

    Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service. No practical exploit has been detected for…

  • CVE-2026-54235 | Jun 17, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Summary: All temperature validation gates use comparison operators (`<`, `>`), which silently evaluate to `False` for `NaN` and for positive `Infinity` in Python's IEEE 754 float semantics. Both values pass every guard and propagate to GPU sampling kernels, where they produce…

  • CVE-2026-2092 | Mar 18, 2026
    risk 0.00 | cvss n/a | epss 0.00

    A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a…

  • CVE-2026-25783 | Mar 16, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586

  • CVE-2026-29788 | Mar 6, 2026
    risk 0.00 | cvss n/a | epss 0.00

    TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports.…

  • CVE-2025-12689 | Dec 17, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request.

  • CVE-2025-13352 | Dec 17, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions <=2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted…

  • CVE-2025-60633 | Nov 24, 2025
    risk 0.00 | cvss n/a | epss 0.00

    An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API.

  • CVE-2025-54525 | Aug 11, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body.

  • CVE-2025-53652 | Jul 9, 2025
    risk 0.00 | cvss n/a | epss 0.01

    Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters.

  • CVE-2025-46342 | Apr 30, 2025
    risk 0.00 | cvss n/a | epss 0.01

    Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selector(s) in their match statements are mistakenly not applied during admission review request processing due…

  • CVE-2025-41395 | Apr 24, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate the props used by the RetrospectivePost custom post type in the Playbooks plugin, which allows an attacker to create a specially crafted post with maliciously crafted props and…

  • CVE-2025-32442 | Apr 18, 2025
    risk 0.00 | cvss n/a | epss 0.01

    Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0 as well as version 4.29.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a _slightly altered_…

  • CVE-2025-24804 | Feb 5, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle IDs, it must contain only alphanumeric characters (A–Z, a–z,…

  • CVE-2025-20621 | Jan 16, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post…