CWE-1288
Improper Validation of Consistency within Input
Description
The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-50976 | — | Hig | 0.50 | 7.7 | 0.00 |  | Feb 2, 2026 | A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB. |
| CVE-2025-9999 | — | Hig | 0.49 | — | 0.00 |  | Sep 5, 2025 | Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving station allowing an attacker to execute unauthorized commands in the application. |
| CVE-2024-5953 |  | Med | 0.37 | 5.7 | 0.01 |  | Jun 18, 2024 | A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password. |
| CVE-2026-9689 |  | Med | 0.27 | 4.2 | 0.00 |  | May 27, 2026 | A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web… |
| CVE-2025-10929 |  |  | 0.00 | — | 0.00 |  | Oct 29, 2025 | Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2. |
| CVE-2025-46722 |  |  | 0.00 | — | 0.00 |  | May 29, 2025 | vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. Currently, it… |
| CVE-2025-2885 | — |  | 0.00 | — | 0.00 |  | Mar 27, 2025 | Missing validation of the root metadata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the version fetched by the client. Users should upgrade to tough version 0.20.0 or… |
| CVE-2023-6245 | — |  | 0.00 | — | 0.01 |  | Dec 8, 2023 | The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field… |
| CVE-2022-39353 |  |  | 0.00 | — | 0.01 |  | Nov 2, 2022 | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`,… |