VYPR

CWE-233

Improper Handling of Parameters

Base | Incomplete

Description

The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-39

CVEs mapped to this weakness (15)

  • CVE-2026-32998 | Critical | May 28, 2026
    risk 0.61 | cvss | epss 0.00

    This vulnerability in Veeam Service Provider Console allows for remote code execution.

  • CVE-2023-20514 | High | Feb 11, 2026
    risk 0.57 | cvss | epss 0.00

    Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment, resulting in arbitrary code execution.

  • CVE-2021-45478 | Medium | Mar 2, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users. This issue affects Library Automation System: before 19.2.

  • CVE-2021-45477 | Medium | Mar 2, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users. This issue affects Library Automation System: before 19.2.

  • CVE-2018-25233 | Medium | Mar 30, 2026
    risk 0.40 | cvss 6.2 | epss 0.00

    WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in…

  • CVE-2026-22626 | Medium | Jan 30, 2026
    risk 0.32 | cvss 4.9 | epss 0.00

    Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages.

  • CVE-2023-1419 | Medium | Nov 17, 2024
    risk 0.31 | cvss 5.9 | epss 0.00

    A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data.

  • CVE-2026-33585 | Low | May 13, 2026
    risk 0.25 | cvss 3.8 | epss 0.00

    Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03.

  • CVE-2024-9329 | Sep 30, 2024
    risk 0.00 | cvss | epss 0.01

    In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a…

  • CVE-2024-25979 | Feb 19, 2024
    risk 0.00 | cvss | epss 0.01

    The URL parameters accepted by forum search were not limited to the allowed parameters.

  • CVE-2023-50727 | Dec 22, 2023
    risk 0.00 | cvss | epss 0.01

    Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /"><svg%20onload=alert(domain)>. This issue has been patched in version 2.6.0.

  • CVE-2023-50725 | Dec 22, 2023
    risk 0.00 | cvss | epss 0.01

    Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: "/failed/?class=" and…

  • CVE-2023-50724 | Dec 21, 2023
    risk 0.00 | cvss | epss 0.00

    Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 are vulnerable to reflected XSS through the current_queue parameter in the path…

  • CVE-2022-3697 | Oct 28, 2022
    risk 0.00 | cvss | epss 0.01

    A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password…

  • CVE-2021-28675 | Jun 2, 2021
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.