VYPR

CWE-1287

Improper Validation of Specified Type of Input

Base | Incomplete

Description

The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (69)

  • CVE-2025-20088 (Jan 15, 2025)
    risk 0.00 | cvss | epss 0.01

    Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.

  • CVE-2025-20086 (Jan 15, 2025)
    risk 0.00 | cvss | epss 0.00

    Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.

  • CVE-2025-20033 (Jan 9, 2025)
    risk 0.00 | cvss | epss 0.01

    Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_notification type and…

  • CVE-2024-54083 (Dec 16, 2024)
    risk 0.00 | cvss | epss 0.01

    Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side (webapp and mobile) DoS to users of particular channels, by sending a specially crafted post.

  • CVE-2024-43426 (Nov 7, 2024)
    risk 0.00 | cvss | epss 0.01

    A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.

  • CVE-2023-2431 (Jun 16, 2023)
    risk 0.00 | cvss | epss 0.00

    A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use the localhost type for the seccomp profile but specify an empty profile field are affected by this issue. In this scenario, this vulnerability allows the pod to run in…

  • CVE-2022-39369 (Nov 1, 2022)
    risk 0.00 | cvss | epss 0.01

    phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the…

  • CVE-2022-2421 (Oct 25, 2022)
    risk 0.00 | cvss | epss 0.01

    Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the _placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object.

  • CVE-2021-20329 (Jun 10, 2021)
    risk 0.00 | cvss | epss 0.01

    Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with a specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO…