CWE-233
Improper Handling of Parameters
Base · Incomplete
Description
The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-39
CVEs mapped to this weakness (5)
| CVE | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-20514 | High | 0.57 | — | 0.00 | | Feb 11, 2026 | Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment resulting in arbitrary code execution |
| CVE-2018-25233 | Medium | 0.40 | 6.2 | 0.00 | | Mar 30, 2026 | WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in the username parameter and trigger a connection test to cause the application to crash. |
| CVE-2026-22626 | Medium | 0.32 | 4.9 | 0.00 | | Jan 30, 2026 | Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages. |
| CVE-2023-1419 | Medium | 0.31 | 5.9 | 0.00 | | Nov 17, 2024 | A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data. |
| CVE-2026-33585 | Low | 0.25 | 3.8 | 0.00 | | May 13, 2026 | Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03. |