VYPR

CWE-159

Improper Handling of Invalid Use of Special Elements

Class | Draft

Description

The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause an adverse effect on its behavior and integrity.

CVEs mapped to this weakness (4)

  • CVE-2026-35536 | High | Apr 3, 2026
    risk 0.40 | cvss 7.2 | epss 0.00

    In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to `RequestHandler.set_cookie` were not checked for crafted characters.

  • CVE-2026-2636 | Med | Feb 25, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger…

  • CVE-2025-61984 | Low | Oct 6, 2025
    risk 0.23 | cvss 3.6 | epss 0.00

    ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration…

  • CVE-2025-52884 | Low | Jun 24, 2025
    risk 0.04 | cvss | epss 0.00

    RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the `Steel.validateCommitment`…
